[BBLISA] Question about Network analysis tools

snagao at citistreetonline.com snagao at citistreetonline.com
Wed Jan 7 16:39:53 EST 2004 

My manager wants to be able to scan a server to see what ports are open
and make sure the open ports are those that are allowed according to our
security policies before we release the server for production use.

In addition, the tool should not interfere with or shutdown application
ports
while scanning.  This has happened once in our environment and it basically
crippled the application.

One of my colleagues is in favor of using SARA.  Since I have never used
any network tools before, I am looking to my fellow admins for suggestions
on what works well with Linux which meets my requirements and is not very
difficult to configure and use.  And is free.    :-)


Thanks!
Sharon






                                                                                                                                       
                      Public                                                                                                           
                      <echo at beltrani.co        To:       snagao at citistreetonline.com                                                   
                      m>                       cc:                                                                                     
                                               Subject:  Re: [BBLISA] Question about Network analysis tools                            
                      01/07/2004 04:28                                                                                                 
                      PM                                                                                                               
                                                                                                                                       
                                                                                                                                       




That brings back memories. As someone else mentioned, SATAN is at least
9 years old. I'm not sure it will even compile "out of the box" on the
latest Linux distributions. As I recall there was a tool called SAINT
that was designed to supersede SATAN.

Is this project better defined than "throw something like SATAN on a
Linux box"? i.e. What problem are you trying to solve?  That may make it
easier to suggest tools for the job.


FWIW, you may want to check out the following open source tools:

1) NMAP http://www.insecure.org/nmap/index.html

2) Nessus http://www.nessus.org/

3) Snort NIDS  http://www.snort.org/

  - Paul



On Tue, 2004-01-06 at 16:02, snagao at citistreetonline.com wrote:
> I have been asked to install a network security analysis tool like SATAN
> on a linux machine.  The linux machine is running RedHat Advance server
> 3.0.
>
> I would like to know how the various tools compare and which one(s) are
> used in most/many companies.
>
> My thanks in advance to all those who reply.
>
>
> - sharon
>
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa

More information about the bblisa mailing list