Network Vulnerability Assessment Software

There exist a variety of tools that can be used to gauge the security of an entity's network and the hosts that are attached to that network.  These tools can be broken down into five major categories: password crackers, port scanners, general network vulnerability software, war dialers, and intrusion detection systems.  Password crackers are just what they sound like, they can be used to determine weak passwords on your system.  Port Scanners are used to find exploits in services running on certain ports, they can also be used to determine the Operating System that is running on the box.  Network vulnerability software provides more features than a typical port scanner even though most do employ some type of port scanning.  It can scan a network of machines and determine vulnerable services that are running, the operating systems being run, out of date patches and other possible entries to hosts on the network.  Most then allow for a report to be generated that lists the vulnerabilities.  War dialers are used to find modems that allow outside access to a network.  These devices will dial a range of phone numbers and see if it can find any devices that will handshake.  Intrusion Detection Systems are systems that are continuously run on the network and alert system/network administrators of potential illegal access to the network or a host.  Intrusion detection systems can also take steps to prevent illegal access to the network/host.  These tools can be used by companies to test their networks and fix potential hacks before a malicious individual finds them.  Many companies employ security experts to perform "penetration testing" on their networks to see how secure they are.  However, the use of these tools is often exploited and it should be stressed that they are not toys.  You could get yourself in serious trouble by using many of these tools without proper permission.  The following links provide a good overview of the types of tools available and testing methods that can be employed to get a feel for how secure a network or host really is.  The next two sections include links to commercial and freeware tools.  Many of these links provide access to more information about how these technologies work.  I only included links to vulnerability scanners and intrusion detection packages.  The last section includes links to organizations and web pages that provide security information.  These agencies provide advisories, publications, vulnerability dictionaries/databases and other valuable security information.  These are great places to look for more information on security and for notifications on potential vulnerabilities.   

• "Using the Hacker's Toolbox" -- May, 1999
  • This article list common network assessment tools such as password crackers, port scanners, general network vulnerability software, war dialers and intrusion detection systems.
• An overview of Local Host Security Tools, Remote Host Security Tools, and Port Scanners from CERN
• "Broadening the Scope of Penetration Testing Techniques: The Top 14 Thing That Your Ethical Hackers for Hire Didn't Test" -- July 1999
• "Holy Intruders!: IP-Based Security Auditing Tools" -- Network Computing
  • Review of Cisco Systems' NetSonar Vulnerability Scanner and Network Mapping System 1.0, Internet Security Systems' (ISS) Internet Scanner 5.0, NETECT's Netective Site 1.0 and Secure Networks' Ballista Security Auditing System 2.4
• "Intrusion Detection: A Matter of Taste" -- September 1999
• "Active Audit Technologies: Automated Operational Network Defense"  -- A CERT Position Paper from 1998
• "Security Technologies -- Part Four"

Commercial Software Packages

• Axent Technologies Inc. NetRecon
• Cisco Secure Scanner (formerly Cisco NetSonar)
• Sun Enterprise Network Security Service -- Bruce
• ISS SAFEsuite from Internet Security Systems Inc.
• L-3 Network Security Retriever -- currently owned by Symantec
• PGP Security's CyberCop

Freeware

• SATAN -- Security Administrator's Tool for Analyzing Networks
  • "Improving the Security of Your Site by Breaking Into It"  by Dan Farmer and Wietse Venema
• SAINT -- Security Administrator's Integrated Network Tool
  • This is an updated version of SATAN, it is freely available under the GNU General Public License with means it cannot be modified and sold.
• SARA -- Security Auditor's Research Assistant from Freshmeat
• COPS -- Computer Oracle and Password System

Vulnerability Advisory Centers

• CERT Coordination Center at Carnegie-Mellon Software Engineering Institute
• National Institute of Standards and Technology Computer Security Resource Clearinghouse
  • UNIX Host and Network Security Tools
• Common Vulnerabilities and Exposures from Mitre
• Bugtraq