Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vulnerability Assessment Scanners Comparison

Posted by Hemos on from the interesting-comparisons dept.

Roberto writes "Network Computing is running a comparison between various commercial and vulnerability assessment scanners - and open-source wins, thanks to Nessus, even though none of the tools could do spot all the vulnerabilities that were present in the test lab."

2 of 36 comments (clear)

  1. Almost impossible to do it right by scott1853 · · Score: 5

    It would take a well trained, intelligent human being to discover security flaws. If your need for security is more than the average home-based internet surfer running ZoneAlarm, then you should hire a 3rd-party company specializing in security to evaluate your system.

    I would use scanners only to perform automated checks to make sure that known holes have not been opened after the initial check. Periodically, the 3rd-party company should be hired to come back and recheck the system for old holes as well as new ones that have been discovered since the previous system test.

  2. Vulnerability Scanner Article Well Worth Reading by dave_aiello · · Score: 5
    The Network Computing Vulerability Assessment Scanner Article is very well written and is particularly helpful to server administrators who have not focused on security issues. I think the Slashdot article could be improved by citing the following passage from the review:
    We set up 17 of the most common and critical vulnerabilities out there, and not one product detected them all.... The closest was the Nessus Security Scanner, which nailed 15 of the 17. But even one hole is too many. Because all the products failed to identify key vulnerabilities, none of them received our Editor's Choice award.
    The comparison is quite detailed, considering the fact that it appears in a magazine that can be bought on the newsstand.

    It may be a bit unfair to take the paragraph I cited out of context because the article goes on to do a good job of weighing the individual pros and cons of the highly rated scanners. Nevertheless, I think the article's key finding is that even the best of the tools they evaluated failed to catch all of the vulnerabilities that they had intentionally installed. Every opportunity should be taken to emphasize this point to the readers.
    --

    Dave Aiello

    --
    -- Dave Aiello