Simpler Navigation for Servers and Operating Systems
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
cancel
Showing results for 
Search instead for 
Did you mean: 

Security scan tools

Tony Romero
Advisor

Security scan tools

Anyone have any information on a good security scan tool that can be run from a desktop PC instead of installing on the actual server?
Freedom!!!
4 REPLIES
Michael Tully
Honored Contributor

Re: Security scan tools

Hi,

The only one I know of (there could be more) is ESM. From what I remember of this you load a client on your HPUX server and run a 'server' session from either a PC or an NT workstation.

http://www.enterprise-security.com/unixsecurity.htm

HTH
~Michael~
Anyone for a Mutiny ?
Steven Sim Kok Leong
Honored Contributor

Re: Security scan tools

Hi,

For databases, the ISS Database Scanner works very well in scanning for Oracle-level security loopholes. I am pleased with it. Too bad there isn't one for SAP R/3 level as yet.

There are two modes, one for normal scan, the other for penetration test.

The database scan test will scan for invalid password policies, poor passwords, poorly assigned table privileges and roles etc. It will also call the ISS Internet Scanner if it is available on the scanner system.

The penetration test will try to compromise an Oracle account on your system and read from the hashed password tables to crack additional Oracle passwords.

Note that you will need the Oracle Net8 (sqlnet) client to be installed on the scanner system to allow it to connect to the scanned system for performing the audits.

Hope this helps. Regards.

Steven Sim Kok Leong
Email: steven@beepz.com. Homepage: https://www.beepz.com
Steven Sim Kok Leong
Honored Contributor

Re: Security scan tools

Hi,

I forgot to give you the link:

http://www.iss.net

You can download a trial, request for a trial license to test your test database on.

Hope this helps. Regards.

Steven Sim Kok Leong
Email: steven@beepz.com. Homepage: https://www.beepz.com
Bill Thorsteinson
Honored Contributor

Re: Security scan tools

Check http://www.cisecurity.org/

I haven't yet run the HP-UX
tools, but the Cisco tools
run remotely. A quick look
indicates that server access
may be required.

You could also try any of the
satan derivitives. I don't
know of any for Windows,
but you should be able to
have an old 486 up and running
Linux and scanning within
an hour or two.