Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Nmap Security Tool Survey

Posted by michael on Sun May 04, 2003 07:24 PM
from the portscanning-for-fun-and-profit dept.
Security
spring writes "Every so often, the author of everyone's favorite network reconnaissance tool, nmap, runs a survey to determine which security-oriented software products are most popular. This year's tool survey was just released, and it contains some interesting results. Old favorites like Nessus, Snort, Netcat, and Ethereal made the list, of course. SAINT and SARA are still around. But a number of new tools appeared this year, like Windows-only GFI LANguard, SuperScan, and Cain & Abel. Nikto and Kismet demonstrate the growing importance of wireless networks. The survey contains many good tools. Certainly worth a read."
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Nmap Security Tool Survey 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • remember that these tools aren't going to be the "end all/be all" of network security.

    You also have to have a good preventive security plan, which these tools will help out in. However, there should also be a plan of action should these security measures get bypassed (i.e. an insider job, program exploits, trojans, etc...)

    But that's just my contention...
  • It's too bad. I'd liked to use it sometimes ;)
  • "But a number of new tools appeared this year, like Windows-only GFI LANguard, SuperScan, and Cain & Abel."

    Cain & Abel has been around for ages, so maybe a new one on the list, not really a new tool.

    Just my two cents.
  • It's These Guys. [drivesavers.com]

    When a windows java exploit can reformat your disk by visiting a malformed web page, you don't really have to wonder why they're so popular.

  • Fine set of tools. (Score:5, Funny)

    by Jack Va1enti (592636) on Sunday May 04 2003, @07:41PM (#5877887)
    Hilary and I intend to run these against every machine in the world, ferreting out and destroying those eeeevil P2P pirates!

  • Ethereal a security tool ? (Score:4, Informative)

    by Rosco P. Coltrane (209368) on Sunday May 04 2003, @07:47PM (#5877912)
    Ethereal == tcpdump with graphical interface. Incredibly nice tool, but hardly a security tool.

    • Re:Ethereal a security tool ? (Score:5, Insightful)

      by the uNF cola (657200) on Sunday May 04 2003, @07:52PM (#5877938)
      You'd be surprised. tcpdump/ethereal is great for say, when some jerk is trying to DOS you and you need to know how.

      Knowing the how allows you to put in filters. Filters allows you to operate.

      • Re:Ethereal a security tool ? (Score:4, Informative)

        by Rosco P. Coltrane (209368) on Sunday May 04 2003, @07:55PM (#5877956)
        Of course, but I mean it's not a security tool per se, it's a general purpose tool that happens to be usable for security purposes. Kind of reading /var/log/messages actually :-)

      • Re:Ethereal a security tool ? (Score:4, Informative)

        by the uNF cola (657200) on Sunday May 04 2003, @09:04PM (#5878235)
        Point is, sniffers are the only tool out there to actually see what traffic is out there. Yeah, you can use nmap for finding out what OS is running (sometimes) but that's not security per se either. Its just tcp/ip-to-OS identification.

        Sometimes ducks don't just quack. The sometimes fly and lay eggs too.

    • Re:Ethereal a security tool ? (Score:5, Insightful)

      by hbackert (45117) on Sunday May 04 2003, @07:57PM (#5877962)

      It's a nice way to check a connection is not made, that packets do not go out of one or another interface, that traffic is encrypted. tcpdump can do the same (except follow TCP traffic, which is very enlightning for users who like telnet).

      So while Ethereal does not increase security by itself, it does add security by making it possible to check out the packets. That makes is IMHO a security tool.

  • mac os X tools (Score:5, Informative)

    by FiDooDa (23111) on Sunday May 04 2003, @08:07PM (#5878004)
    for those interested in sec tools on mac OS X, here is a small list of tools to add :

    rpg [well.com] password generator
    kismac [binaervarianz.de] a kismet equivalent that also includes a WEP cracker. very nice!
    macanalysis [macanalysis.com] a really good security tools suite
    • kismac looks pretty cool for wireless audits. BTW, Bastille Linux is even more badly misnamed -- we've got it working on Mac OS X now! It takes a perl compile and a tweak to perl-Tk, but it works under X on Mac.

      Anyway, if anyone here is interested in helping package Bastille for Mac, especially with that perl upgrade, please contact me!

      - Jay

  • Wellenreiter (Score:5, Informative)

    by Echelon309 (534767) on Sunday May 04 2003, @08:18PM (#5878056)
    Although it wasn't on the list, Wellenreiter [remote-exploit.org] is really great wireless scanner. Plus, it runs on the Zaurus under OZ3 [openzaurus.org], which makes it great for less conspicuous scanning since you don't have to lug a laptop around.

    • Re:Wellenreiter (Score:5, Informative)

      by fv (95460) <fyodor@insecure.org> on Sunday May 04 2003, @10:01PM (#5878455) Homepage
      > Although it wasn't on the list, Wellenreiter is really great wireless scanner.

      Wellenreiter only received 6 votes (even after correcting for poor spelling :) and 10 were needed to place #75. But since it is clearly a useful free tool, I just added a link to it in the Kismet entry. [insecure.org]

      Thanks for the suggestion,
      -Fyodor
      Concerned about your network security? Try the free Nmap Security Scanner [insecure.org]

  • WAP Detectors (Score:4, Interesting)

    by muzzmac (554127) on Sunday May 04 2003, @08:27PM (#5878085)
    Has anyone seen a decent piece of software that can find WAP's on your network by scanning from the wired part of your network?

    What I want is something that scans for known MAC ID's or something to identifiy wireless access points without having to fly all over the country to do it.

    There are plenty of wireless based scanners but they involve travel.

    Any hints?

  • Strangely enough... (Score:5, Interesting)

    by GC (19160) <giles@coochey.net> on Sunday May 04 2003, @08:40PM (#5878140)
    While all these tools turn out to be the Security Analyst's bible to utopia, they're also the ultimate cracker tools, missing only the Xploits that the old neverending line of script-kiddies use to bypass each and every point that these tools do their best to detect.

    Nessus is, however, a single tool, that can be as both useful to the white hat5 as it is the bl4ck hats.

    It gets my number one tool vote as being as useful to both partys - yet completely impartial.

    A very difficult road to tread indeed...

      • Your analogy to file sharing is bad. A better analogy would be to weapons.

        In some la-la fantasy world where violence does not exist, no one would no needs weapons for self-defense. In reality, however, not allowing weapons puts the law-abiding at the mercy of criminals, who may still yet possess illegal weapons.

        In some la-la fantasy world where exploits do not exist, no would need to audit their network for security holes. In reality, however, not allowing such tools would leave law-abiding network adm

  • Timely article for my needs (Score:5, Interesting)

    by l0ungeb0y (442022) on Sunday May 04 2003, @08:42PM (#5878148) Homepage Journal
    In the last couple weeks I've amassed a few servers and a client network so, I've had no choice but to become a sysadmin. Which is not what I consider myself (I'm a graphic designer/Web App Programmmer) but, for the sake of responsibility, I find myself fast becoming one.

    So I welcome any such article as the one posted here to help better educate me and get me up to date on the even the most mundane of utilities (I hadn't even heard of nessus/netcat)

    I'm not a fresh unix convert or technically challenged, it's just that my occupation has demanded that I focus on front end and applicational development rather than network security and monitoring.

    So to get by I've been using very basic common sense like running firewalls for port blocking, not running insecure services such as telnet and in the event that i have to (one of my servers is a multiuser webhost so I had to turn FTP on) research and run a more secure variant of that service (for FTP I opted for vsftpd over wu/pro)

    And for security, besides my basic IP Masquerading and port blocking firewall (ya, it's that basic, I'm no guru) I run tripwire, which I run a sanity check daily as well as run snort.

    This config runs on everyting from my OS X laptop to the RH9 boxes for dev/production serving and seems "ok" for the moment.

    I do plan on evaluating/installing some kernal level patches to the RH boxen such as grsecurity [grsecurity.net] but I thought I'd use this topic to fish for pointers as I am also looking for some good educational material such as IP/Network configuration and indepth material on properly setting up an ironclad DMZ. So if anyone has some highly recommended links or knows of soome good books on amazon to point out or even comments to make here to give some pointers, i'd be much appreciative.
    • Too bad the other responders to your post are nitwits. I'm no expert either and I'll reload this one a few times to see if anyone knowledgeable actually responds...

      In the meantime, I've found that Hacking Linux Exposed, by Hutch, Lee and Kurtz is very cool, and O'reilly's Building Linux Firewalls is very thorough.

      I've also come to realize (admin'ing my company's network for a little over a year and only getting nipped once by me foolishly leaving FTP open) that using iptables with the default door closed
  • I remember back in 94 about a SGI product manager being fired for releasing a tool( nmap??). Basically Irix was being hacked to death and he wanted to do something about it.

    He developed it as a tool to help system administators secure their system but SGI did not like it because crackers could use it.

    Was this SGI tool nmap or not? I was only 16 at the time and can't remember.

    • Re:Wasn't nmap the tool of controversy from SGI? (Score:5, Informative)

      by IvyMike (178408) on Sunday May 04 2003, @09:21PM (#5878296)

      You're almost certainly thinking of Dan Farmer's SATAN. Read the story for yourself. [svn.net]

      • Thanks I am going to download a copy now!

        It still pisses me off today that clueless SGI managers view security through obscurity as a means to an end. Irix today is knows to be one of the least secure versions of Unix out of the box right besied SCO openserver. Hmm how did that happen? Judging by how SGI treated security in the past including this incident shows how Irix got the way it did. Here is sgi's opinion on it [llnl.gov].Non biased info is here. [purdue.edu]

        Anyway he should named it something different. A clueless perso
      • I think his intent was to be contraversial.

        I mean, calling it 'SATAN' instead of something like 'Cute Puppy Dog Network Analysis Tool' is a reflection of his intent.

        That said, I'm really happy that tools like SATAN exist now. Scanning your own network is a great way to learn about network security.
    • IRIX has changed a lot over the past 6 years. At one point, a stock install of IRIX had almost a dozen root-exploitable holes. These days security holes in IRIX are rare, and are quickly patched by SGI. The company has gone a step further and has actually been making useful security suggestions to its customers. IRIX 6.5 includes a pointy-clicky GUI app to help its artsy users secure some common weaknesses.

      For those that have been away from IRIX for awhile, even since 6.5.0 shipped, a lot has been added in
        • IRIX 6.5.19 and newer uses Sendmail 8.12.x. I belive BIND was also updated at the same time.

          But yeah, most IRIX boxes (especially older ones) are running Sendmail 8.9.3 or worse.
        • Unfortunatly if Irix is better it might be too little too late for this dieing company. Isn't it true they sold opengl to Microsoft.

          Brainless management, crazy high prices, and new MIPS processors behind schedule. There are gobs of reasons why SGI may tank soon. They do have a pretty cool new Linux/Itanium2 system based on Origin architecture. 512 GB RAM and 64 processors on a single linux box (not a cluster).

          The biggest SGI is MIPS/IRIX based, though... up to 1024 processors and 1 TB ram on a single mac
    • 1) Update your install of IRIX 6.5 [sgi.com] to the most recent version available to you (6.5.16m for most people, 6.5.19 or 6.5.20 for those with a support contract). If you're unsure about updating, read about the IRIX Release Process [sgi.com] as well as theIRIX Compatibility Mandate [sgi.com].

      2) Install the security patches [sgi.com] for your version of IRIX (note that IRIX releases previous to 6.5.15 will probably not have the most recent security patches available).

      3) If you're a security newbie, run the "Improve System Security" appli

  • Security for the home user (Score:5, Funny)

    by OneArmedMan (606657) on Sunday May 04 2003, @08:51PM (#5878191)
    1) Unplug the power cords and network cables / phone lines.
    2) Put it back in the box.
    3) Send it back to the place that you bought it from.

    Sure its not very practical, but it would make my job a hell of a lot easier

  • I am surprised ... (Score:2, Interesting)

    by Anonymous Coward
    I am surprised that aide was not listed. It is a free equivalent to tripwire (which is on the list), and works very well for my needs on both Linux and FreeBSD.

  • SAINT not SAINTLY (Score:3, Troll)

    by wolf- (54587) on Sunday May 04 2003, @08:57PM (#5878210) Homepage
    After SAINT the network tool went after the author of Saint (the open source server/service uptime application) over a name/branding dispute, we have stopped recommending their product (the network security tool) entirely.

    They were similarly named, however, there was very little chance of them being confused for one another. Apparently SAINT didn't have enough confidence in their own marketing or their customers intelligence to keep their lawyers out of it.

    Just my 2 cents worth. But then, my 2 cents has an effect on a few large clients with large budgets. Good Job SAINT.

  • Eeye (Score:4, Informative)

    by lonesome phreak (142354) on Monday May 05 2003, @12:03AM (#5878925) Homepage Journal
    Retina, by Eeye, is another excellent scanning school. IMHO, it's better than GFILanguard. I especially like the ability to fix registry problems from the scanning machine. It's interface is also very smooth. It's located here [eeye.com]. They also have another product for scanning IIS, but I haven't used it yet.

    • Re:Eeye (Score:3, Informative)

      by barc0001 (173002)
      Retina is good, but even the free version of LANGuard is great for the point-and-click crowd. Windows is not my preferred platform of choice, but I must say I was pleasantly surprised the first time I took a look at LANGuard.
      But I wonder if it's not a bad thing that these tools are starting to auto-fix so many items, like the aforementioned Retina and the registry issues. Call me old-fashioned, but I like my people to fix the problems on a box by actually getting onto the box and doing it from there. Tha
      • You don't HAVE to repair it from the scanning machine. In fact, you still have to get on the machine to update it for patches. I use both products when I do my audits. I like Retina better, mainly because their reports and the interface looks better. I do audits for medical houses for their HIPAA security compliance.

        For the funky stuff...that's why I suggest to always deploy changes/patches to a single PC, run it for 24 hours, then roll changes out to the rest. I always suggest something like SUS for p
    • just run an http proxy through a serial port so that the windows system can't use any other type of connection.

      I'd like to see zone alarm beat that! My solution wouln't give any modal dialog boxes either.

    • Re:friewall (Score:4, Informative)

      by jandrese (485) * <kensama@vt.edu> on Sunday May 04 2003, @10:14PM (#5878509) Homepage Journal
      Zone alarm may provide good protection, but it's far from a great product.
      • There's no way to prevent it from spitting up gobs of annoying dialog boxes. This is especially annoying when you're playing some 3D game and zone alarm tries to put up a box on the screen asking you to allow it to go online.
      • It is a pig. It takes 5 minutes or more to boot on my laptop, and is by far the last component ready when I boot up my machine
      • The interface needs work. It's hard for me to find just about everything in it, from the access logs, to the application table, to the network table, etc...
      • It is not good about remembering your settings unless you shut it down normally. If the only time you leave windows is when you crash, be prepared to tell Zone Alarm that Mozilla is allowed to access the internet all over again. I've actually gone and run every network application I could think of, then rebooted just so I wouldn't have to tell Zone Alarm about it again.
      Those are just the annoyances I could think of off the top of my head. I probably wouldn't run it (I'm behind a BSD firewall at home anyway) except that the IT department insists on it (it's my work machine).

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.