Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Vulnerability Scanners

  1. #1
    Junior Member
    Join Date
    May 2004
    Posts
    1

    Vulnerability Scanners

    Does anyone have an opinion on which is better for testing a home network? - SARA http://www-arc.com/sara/ or Nessus http://www.nessus.org/
    Please provide some reasons for your choice.

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Personally I used Retina. I only used the trial period, but during that time it provided a thorough and complete analysys (spelling's off ) of my network's vulnerabilities. It's capable of scanning over 250+ some odd IP's for LOADS of vulnerabilities and the like. For more information and the download, visit http://www.eeye.com/html/Research/Tools/RPCDCOM.html
    Space For Rent.. =]

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I've used all three of those and they each have advantages/disadvantages:

    SARA: Decendent of the original, SATAN, this is a nice GUI interface tool that requires a browser. It can be slow but effective in it's scans. Can be determental to some networks with overloading. Requires nmap installation. (*nix only environment AFAIK)

    NESSUS: Very powerful tool that requires a server to be active that the client connects to. This has the advantage of having remote scanners on remote LANs that you can connect to without worrying about the internet (and all the devices) potentially impeding the scan. (scan is done locally while the client connects "remotely"). Has even greater potential for affecting network activity (primarily *nix environment. Windows version has rumors of flakiness -- personally have never used the Windows client)

    RETINA: fabulous Windows scanner, although pricey. It works great at detecting primarily windows issues. Can also affect network activity. (Windows environment only, AFAIK).

    Reality would suggest to NOT rely on one tool but use many to get a more accurate picture. There are other vulnerability scanners (SAINT, SATAN, etc. The following link: http://www.networkintrusion.co.uk/scanners.htm : might be of help).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    NMap. www.insecure.org


    It is arguably the best scanner out there.

    But as for the choices you gave me, I would go with SARA, just through personal experience.


    EDIT: Oops... Forgot about the *NIX issue...
    Real security doesn't come with an installer.

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Ahh, didn't think of NMap. That would be another great recommendation although I haven't used it in quite some time. On my Windows ME machine, it proved to work wonder's as did Retina. As for SATAN/SAINT, I haven't used those in ages. Wouldn't recommend it due to the fact that I'm not sure how up-to-date and thorough it would prove to be for you. Kudo's to MsMitten's for the brief analysis.
    Space For Rent.. =]

  6. #6
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    The best vulnerability scan is with something like nmap that can show you the services, and versions running.

    You can take this knowledge and look up the vulnerabilities for the specific services.


    Oh yeah, Core Impact is supposed to be good...
    Real security doesn't come with an installer.

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    As for SATAN/SAINT, I haven't used those in ages. Wouldn't recommend it due to the fact that I'm not sure how up-to-date and thorough it would prove to be for you.
    Well, SATAN isn't kept up to date. I mentioned it for posterity of the authors, Dan Farmer and Wiese Venema. The historical value is there. SAINT, on the otherhand, is kept up-to-date. However, I don't usually recommend or use it because they have gone commercial, which is unfortunate. SARA has been a nice alternative that is Open Source and still available for whoever needs it.

    That all said, it is important to remember not to rely on one tool to determine one's weakness but rather have a variety of tools. This is why it's not a bad idea to have a machine dedicated to this kind of thing that has all the "toys" you need.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    SARA is OpenSource? Wow, never knew.. I heard little about it but heard it's a more and better updated version of SATAN. That's good to hear, might hafta try it out.

    not to rely on one tool to determine one's weakness but rather have a variety of tools.
    I agree 100%. This is a very good point. The more perspective's you have looking at an issue the better, and the more scanner's you have giving you result's of a machine, the better
    Space For Rent.. =]

  9. #9
    Retina vs. Nessus:

    I've used both extensively on purpose: you cannot rely on 1 vulnerability scanner (as others point out).

    Retina:
    * Detects Windows vulns much better
    * Will miss things sometimes (as does Nessus)
    * No CSV or TXT export for reports

    Nessus:
    * Seems to detect web server vulns a little better
    * A little tricky to configure server (UNIX gurus will do fine)

    By the by, Retina's port scanner is Nmap which is darn accurate.

    Use both but if I could only have one I would pick Retina (assuming I had the budget).

    PS. Any Retina users out there who want to share tips/tricks/issues?

  10. #10
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    Nessus's port scanner is also nmap .

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •