Internet.com ISP-Planet
Search ISP-Planet


Search internet.com
internet.com

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

internet.commerce
Partner With Us
ISP Technology

 

General

Security Tools for the Budget Conscious ISP, Part II: Vulnerability Assessment and Audit

In this article we identify the tools that are available to you as you examine your system's vulnerabilities before and after an attack.

by Lisa Phifer
VP Core Competence, Inc.
[January 30, 2004]
Email a colleague

As described in Part 1 of this article, open source and shareware tools can help to bridge gaps between need and budget. To put together a good security toolbox, you'll want to gather a variety of security utilities, ranging from vulnerability assessment and audit to traffic analysis and forensics.

Here in Part 2, we identify both commercial products and freely-available tools in the first two categories. We also illustrate a few open source and shareware tools.

Vulnerability Scan and Assessment Services
You can conduct your own vulnerability scan or contract a third party to do it for you. Ad hoc in-house testing can cost less, but a trained third-party can spot vulnerabilities you might otherwise overlook and offer expert advice on how to fix them.

When outsourcing, request an example of the report that will be delivered—it should describe executed tests, discovered problems, associated risk levels, and recommended fixes. Beware of services that add little value to shareware scanner output.

Commercial vulnerability scanning and assessment services are widely available, ranging from automated vulnerability scans to customized on-site testing and consultation. Here's a diverse, far-from-exhaustive list of commercial services:

To learn more about managed vulnerability services, see our 2003 Managed Security Service Provider Survey. A thorough vulnerability assessment is much more than just a quick scan-and-report. But, if that's all you need, here are some free vulnerability scan services:

  • Gibson Research ShieldsUp is a fast, free, and rather superficial Web-based scan-on-demand service. ShieldsUp is designed for home users to check Internet-connected PCs, but can be used to scan Internet-facing firewalls and servers too. To view sample ShieldsUp output, click here.
  • QualysGuard Free Scan Services include remote scans for Real-Time Top 10 vulnerabilities, SANS Top 20 CVEs, Slammer, Slapper, and Nimda. Free services are provided by Qualys to promote their more extensive commercial services.
  • Secunia Online Vulnerability Scanner is a free on-line vulnerability scan-and-report service based on Nessus. Secunia also offers several commercial security services, including a vulnerability tracking service.
  • Subject, Wills, and Co. offers a free "security hack" consisting of automated vulnerability testing plus up to one hour of consulting. Many firms that offer security consulting services offer free assessments like this to drum up new business.

Network Vulnerability Assessment Tools
To conduct your own in-house vulnerability assessment, you'll need some tools to identify network nodes and the operating systems and services they appear to be running.

You may want to conduct scans from multiple locations inside and outside your network. Start where many hackers start—outside your network, somewhere on the Internet—to learn what they can easily find out about you. Never scan a network that doesn't belong to you or that you don't have permission to scan. Beware that scans can impact target networks and systems (i.e., some scans are gentler than others). Scans usually trigger security events, generating copious log records, SNMP traps, and/or e-mail alerts, so advise your NOC staff before conducting a scan.

Security Tools for the Budget Conscious ISP, Part II:
Introduction and Vulnerability Scan and Assessment Services

 

 
ISP News
IDC: Microsoft's Yahoo Deal Could be a Big Hit
Ballmer Fills in 'Software-Plus-Services' Plan
Report: Enterprise Search Will Top $1 Billion by 2010

More >


ISP Glossary
Find an ISP Term

Newsletters!
 ISP-Planet Weekly


Best of ISP-Planet

 

Feedback

Advertising inquiry? Click here!

ISP-Planet's RSS feed



JupiterOnlineMedia

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers
Solutions
Whitepapers and eBooks
Intel Article: Using Power & Display Context in the Intel Mobile Platform SDK
Internet.com eBook: Real Life Rails
IBM SCA Center Article: Simplifying Composite Applications with Service Component Architecture
Intel PDF: Quad-Core Impacts More Than the Data Center
Internet.com eBook: The Pros and Cons of Outsourcing
Go Parallel Article: Scalable Parallelism with Intel(R) Threading Building Blocks
Intel PDF: Analysis of Early Testing of Intel vPro in Large IT Departments
Internet.com eBook: Best Practices for Developing a Web Site
Intel PDF: IT Agility through Automated, Policy-based Virtual Infrastructure
IBM CIO Whitepaper: The New Information Agenda. Do You Have One?
 Microsoft Article: BitLocker Brings Encryption to Windows Server 2008
Microsoft Article: RODCs Transform Branch Office Security
Go Parallel Article: James Reinders on the Intel Parallel Studio Beta Program
Avaya Article: Advancing the State of the Art in Customer Service
IBM Whitepaper: How are other CIOs driving growth?
Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers
Avaya Article: Avaya AE Services Provide Rapid Telephony Integration with Facebook
Go Parallel Article: Getting Started with TBB on Windows
HP eBook: Storage Networking , Part 1
MORE WHITEPAPERS, EBOOKS, AND ARTICLES
Webcasts
Go Parallel Video: Intel(R) Threading Building Blocks: A New Method for Threading in C++
HP Video: Is Your Data Center Ready for a Real World Disaster?
HP On Demand Webcast: Virtualization in Action
Go Parallel Video: Performance and Threading Tools for Game Developers
Rackspace Hosting Center: Customer Videos
 Intel vPro Developer Virtual Bootcamp
HP Disaster-Proof Solutions eSeminar
HP On Demand Webcast: Discover the Benefits of Virtualization
MORE WEBCASTS, PODCASTS, AND VIDEOS
Downloads and eKits
Actuate Download: Free Visual Report Development Tool
Red Gate Download: SQL Backup Pro
Microsoft Download: Silverlight 2 Software Development Kit Beta 2
30-Day Trial: SPAMfighter Exchange Module
Red Gate Download: SQL Toolbelt
IBM SCA Download: Start Building SCA Applications Today
Iron Speed Designer Application Generator
Microsoft Download: Silverlight 2 Beta 2 Runtime
MORE DOWNLOADS, EKITS, AND FREE TRIALS
Tutorials and Demos
IBM IT Innovation Article: Green Servers Provide a Competitive Advantage
Microsoft Article: Expression Web 2 for PHP Developers--Simplify Your PHP Applications
 Featured Algorithm: Intel Threading Building Blocks - parallel_reduce
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES