Kaseya Community

Vulnerability Assessments

  • I was wondering if anyone runs any vulnerability software on their client's systems. I have looked at GFI LANguard and eEye Retina Network Security Scanner. I think both software packages look good, but I wanted to get some feedback from someone who has used either one.

    Legacy Forum Name: Vulnerability Assessments,
    Legacy Posted By Username: ericpeterson

    [edited by: Brendan Cosgrove at 4:37 PM (GMT -8) on 12-20-2010]
  • To me, there's never going to be a single tool that will do this for you. However there are plenty of great tools that combine to give you a nice report. My suggestions would be as follows:


    • Kaseya Agent - Use to get the patch level.
    • Kaseya Network Drivers - Collect data over a day or two and see if there are any major sources of traffic that shouldn't be there.
    • NMap - External port scan (what's open, what shouldn't be?)
    • Microsoft Baseline Security Analyzer - A decent report in and of itself. This should cover off the best practice settings with regards to security for the server you ran it on.
    • NetStumbler - Any wifi networks out there that the clients could connect to? (If so, make sure they're not). Is the client's wifi broadcasting its SSID? Is the network secured?


    Just my thoughts, I'm sure there will be several more suggestions from this forum.

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: arobar
  • I used to use GFI LANguard a lot, but now I mostly use Nessus. Works well.

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: gabe
  • You might want to check out the Network Security Toolkit.

    It's available as a VMware virtual appliance on the Virtual Appliance Marketplace:

    http://www.vmware.com/appliances/directory/141

    It will run just fine using VMware Player.

    From the web description:

    NST OVERVIEW

    The Network Security Toolkit (NST) is a system that provides easy access and management capability to best-of-breed Open Source Network Security Applications. The purpose for development of the toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools for testing, assessing, analysis, monitoring and validation of security architectures. The majority of Open Source tools published in the article: "Top 100 Security Tools by insecure.org" are available for use with the toolkit. A Web User Interface (WUI) was designed with the toolkit and provides the management component for a NST system. Access to a NST system can occur through Secure Shell (SSH), Virtual Network Computing (VNC) or a SSL Web connection (HTTPS). Documentation and downloads related to the NST project can be found at http://www.networksecuritytoolkit.org/


    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: misolutions.com
  • I have integrated the Secunia Network Software Inspector into Kaseya. It scans my Windows clients every week for more than 6.000 vulnerabilities. When it finds a vulnerability, it creates an alarm or ticket in Kaseya.

    We are creating scripts to automatically install updates for the most common programs, i.e. Adobe Reader, Flash, Java.

    Paul

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: paul@joheco.nl
  • paul@joheco.nl
    I have integrated the Secunia Network Software Inspector into Kaseya. It scans my Windows clients every week for more than 6.000 vulnerabilities. When it finds a vulnerability, it creates an alarm or ticket in Kaseya.

    We are creating scripts to automatically install updates for the most common programs, i.e. Adobe Reader, Flash, Java.

    Paul


    How were you able to integrate it into Kaseya?

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: Coldfirex
  • Coldfirex
    How were you able to integrate it into Kaseya?


    The commercial version is command line based. So it is scriptable.

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: paul@joheco.nl
  • Sweet.

    Does anyone know of anything comparable that is free/open source and could possibly be scripted via Kaseya?

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: Coldfirex
  • Coldfirex
    Sweet.

    Does anyone know of anything comparable that is free/open source and could possibly be scripted via Kaseya?


    See http://oval.mitre.org/

    Open Vulnerability and Assessment Language (OVAL®) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment. The repositories are collections of publicly available and open content that utilize the language.

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: paul@joheco.nl
  • Both of these vulnerability scanners are supposed to be open source.


    Nessus Security Scanner
    Security Administrator's Research Assistant (SARA)

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: gamer-x
  • This one looks promising.

    http://www.lbtechservices.com/projects/sussen/index.html

    I haven't been able to get it to run correctly from the command line yet, though.

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: Coldfirex
  • I have tried a few programs along these lines today.

    Regarding the one mentioned in the post below, I am getting the following error using the command line.

    ERROR Unable to load HTML stylesheet file:\C:\Program Files\MMG Security\sussen\results_to_html.xsl

    This file, results_to_html.xsl is the file that formats the xml output....... I believe I said that right.
    There is unfortunately no support at all for this product.

    I will keep working on it till I find the combo.

    This is the line I am using right now.

    sussen-agent -s "c:\program files/MMG Security\sussen\microsoft.windows.xp.definitions.xml" -o

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: gamer-x
  • This worked.
    sussen-agent -s -ot xml -o results.xml "c:\program files\MMG Security\sussen\microsoft.windows.xp.definitions.xml"

    Evidently you cannot use the "HTML" option in the command line on this version.... and it does not look like the developer supports or cares about this project anymore. But the tool works.... so HEY!

    XML data.... that is a start

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: gamer-x
  • gamer-x
    this worked.
    sussen-agent -s -ot xml -o results.xml "c:\program files/MMG Security\sussen\microsoft.windows.xp.definitions.xml"

    Evidently you cannot use the "HTML" option in the command line on this version.

    KEWL!, now what to do with the XML data...


    Ya, I see an error if the output is changed to HTML. Hmmm, I don't see a working way to send in this bug report either. Not sure what to do with the XML file either.

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: Coldfirex
  • Well XML is a good thing, although I do not personally do much work with XML parsers, etc...

    A simple VB app can be created to parse this data... that is one option.
    I also think SQL Server can parse XML data.
    So getting it into a report should not be a big problem.

    I am hoping someone will read this post who has XML experience, and will comment on some options that can be used.

    This tool could end up being a STAPLE for anyone wanting to do an audit of any kind.

    I am going to cross post this, and I am also going to solicit the advice of Sourceminer, if he's still around.
    Cool

    Legacy Forum Name: IT Procedures,
    Legacy Posted By Username: gamer-x
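
One way to turn a results.xml like the one discussed above into a short report, as an added example that is not from the thread or from the sussen project. It assumes the file follows the OVAL 5 results layout (`definition` elements carrying `definition_id` and `result`, with the evaluated definitions embedded), which may not match what sussen writes; the sample document, ids and titles are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the assumed OVAL 5 results layout (ids/titles made up).
SAMPLE = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
 <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <definitions>
   <definition id="oval:example.constructed:def:1" class="vulnerability" version="1">
    <metadata><title>Constructed: outdated PDF reader</title></metadata>
   </definition>
   <definition id="oval:example.constructed:def:2" class="vulnerability" version="1">
    <metadata><title>Constructed: outdated browser plugin</title></metadata>
   </definition>
   <definition id="oval:example.constructed:def:3" class="inventory" version="1">
    <metadata><title>Constructed: Windows XP is installed</title></metadata>
   </definition>
  </definitions>
 </oval_definitions>
 <results><system><definitions>
  <definition definition_id="oval:example.constructed:def:1" result="true" version="1"/>
  <definition definition_id="oval:example.constructed:def:2" result="false" version="1"/>
  <definition definition_id="oval:example.constructed:def:3" result="true" version="1"/>
 </definitions></system></results>
</oval_results>"""

def local(tag):
    """Strip the '{namespace}' prefix so the code works across OVAL versions."""
    return tag.rsplit("}", 1)[-1]

def summarize(xml_text):
    """Return (result counts, sorted findings as (id, class, title))."""
    # Files come back from client machines: refuse DTDs instead of expanding them.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not expected in scanner output")
    meta, results = {}, {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "definition":
            continue
        if "definition_id" in el.attrib:      # evaluation result entry
            results[el.get("definition_id")] = el.get("result", "unknown")
        elif "id" in el.attrib:               # embedded definition metadata
            title = next((t.text for t in el.iter() if local(t.tag) == "title"), None)
            meta[el.get("id")] = (el.get("class", "unknown"), title or "")
    # "true" only means "vulnerable" for vulnerability-class definitions; an
    # inventory definition that is "true" just says the product is installed.
    # Definitions with no embedded metadata are kept and labelled "unknown".
    findings = sorted((d,) + meta.get(d, ("unknown", "")) for d, r in results.items()
                      if r == "true" and meta.get(d, ("unknown",))[0] in ("vulnerability", "unknown"))
    return Counter(results.values()), findings
```

The list returned as `findings` is what would feed an alarm or ticket per machine; the counts give the one-line summary for a report.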