Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Computer Security (http://www.velocityreviews.com/forums/f38-computer-security.html)
-   -   Windows vulnerability assessment tools (http://www.velocityreviews.com/forums/t305082-windows-vulnerability-assessment-tools.html)

Cosmic Cruizer 02-18-2004 01:30 AM

Windows vulnerability assessment tools
 
I'm researching flexible, enterprise-wide vulnerability assessment tools for
the Windows 2000 and 2003 platforms. So far, I've looked at the following,
and like all solutions, each of them have their pros and cons:

SecurityExpressions from Pedestal Software
Security Analyzer from NetIQ
SecEdit from Microsoft

As it stands, I am looking for a tool to help proactively manage around
1,500 servers of various types: AD, Exchange, SMS, print and file, etc. The
tests need to be configurable so I can adjust them, where necessary, to fit
our security philosophy. I would rather purchase a vendor supplied solution
then to build something from the ground up that we would need to solely
support internally.

What are some of the other Windows vulnerability assessment tools on the
market? Is there a comparison of the various products listed somewhere?

Thanks

Careers 02-18-2004 07:18 AM

Re: Windows vulnerability assessment tools
 
You might want to check out http://www.foundstone.com/. They have very good
vulnerability scanning software.

Wojtek
Network Security Consultant
SafeIT.ca



"Cosmic Cruizer" <XXjbhuntxx@white-star.com> wrote in message
news:Xns9492B224211F9ccruizermydejacom@64.164.98.4 9...
> I'm researching flexible, enterprise-wide vulnerability assessment tools

for
> the Windows 2000 and 2003 platforms. So far, I've looked at the following,
> and like all solutions, each of them have their pros and cons:
>
> SecurityExpressions from Pedestal Software
> Security Analyzer from NetIQ
> SecEdit from Microsoft
>
> As it stands, I am looking for a tool to help proactively manage around
> 1,500 servers of various types: AD, Exchange, SMS, print and file, etc.

The
> tests need to be configurable so I can adjust them, where necessary, to

fit
> our security philosophy. I would rather purchase a vendor supplied

solution
> then to build something from the ground up that we would need to solely
> support internally.
>
> What are some of the other Windows vulnerability assessment tools on the
> market? Is there a comparison of the various products listed somewhere?
>
> Thanks



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.588 / Virus Database: 372 - Release Date: 13/02/2004



Cosmic Cruizer 02-18-2004 01:47 PM

Re: Windows vulnerability assessment tools
 
"Careers" <careers@safeitNOSPAM.ca> wrote in
<tsEYb.4244$Fp5.302@read1.cgocable.net>:

>You might want to check out http://www.foundstone.com/. They have very
>good vulnerability scanning software.
>
>Wojtek
>Network Security Consultant
>SafeIT.ca
>
>


I'd forgotten all about Foundstone. Thanks for the suggestion.


Cosmic Cruizer 02-19-2004 01:41 AM

Re: Windows vulnerability assessment tools
 
XXjbhuntxx@white-star.com (Cosmic Cruizer) wrote in
<Xns9492B224211F9ccruizermydejacom@64.164.98.49> :

>I'm researching flexible, enterprise-wide vulnerability assessment tools
>for the Windows 2000 and 2003 platforms. So far, I've looked at the
>following, and like all solutions, each of them have their pros and
>cons:
>
>SecurityExpressions from Pedestal Software
>Security Analyzer from NetIQ
>SecEdit from Microsoft
>
>As it stands, I am looking for a tool to help proactively manage around
>1,500 servers of various types: AD, Exchange, SMS, print and file, etc.
>The tests need to be configurable so I can adjust them, where necessary,
>to fit our security philosophy. I would rather purchase a vendor
>supplied solution then to build something from the ground up that we
>would need to solely support internally.
>
>What are some of the other Windows vulnerability assessment tools on the
>market? Is there a comparison of the various products listed somewhere?
>
>Thanks
>


Just a follow up to my own question:

I've found three great links (amoung several others)

http://www.nwfusion.com/reviews/2002...204result.jsp?
_tablename=vulnerability0204 (a few years out of date)

http://www.timberlinetechnologies.co...erability.html

http://cve.mitre.org/compatible/product_type.html

This should keep me occupied for awhile.


All times are GMT. The time now is 05:51 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.