If you find a joystick icon, or the phrase "movie tie-in" confusing, you can always edit your home page settings so you see "None" of the "Games" content on your slashdot.
External audits are good because they bring in experts who focus on finding vulnerabilities in your network. These experts will come armed with a variety of vulnerability assessment tools to perform their audit. The only problem is that it will almost always happen less frequently than vulnerabilities are discovered, so this should only be 1 part of the overall solution.
You should adopt this practice internally, because if the tools are set up to check for vulnerabilities, you can be much more proactive about finding them than simply by scheduling consultants to come every few weeks, months, year. There are a variety of tools available, both freely and commercially.
A good tool will be updated frequently, check a lot of bugs, including the most critical (SANS Top 20, BugTraq, CERT.
Free Tools SATAN -- Security Administrator Tool for Analyzing Networks SAINT -- Security Administrator's Integrated Network Tool -- based on SATAN, GNU SARA -- Security Auditor's Research Assistant -- similar to SATAN/SAINT check the Freshmeat page NESSUS -- another free tool
Commercial Tools ISS has a variety of tools avaiable depending on your needs NeXpose -- try the free demo, great ui, demo only lets you assess 1 IP at a time though:( Here is a review A Networking Computing article on Vulnerability Assessment tools. Reviews many of the major vendors (so I won't list them all). Includes some of the free tools. Here is another overview of security tools to get you started.
Slashdot Mirror
If you find a joystick icon, or the phrase "movie tie-in" confusing, you can always edit your home page settings so you see "None" of the "Games" content on your slashdot.
External audits are good because they bring in experts who focus on finding vulnerabilities in your network. These experts will come armed with a variety of vulnerability assessment tools to perform their audit. The only problem is that it will almost always happen less frequently than vulnerabilities are discovered, so this should only be 1 part of the overall solution.
:( Here is a review
You should adopt this practice internally, because if the tools are set up to check for vulnerabilities, you can be much more proactive about finding them than simply by scheduling consultants to come every few weeks, months, year. There are a variety of tools available, both freely and commercially.
A good tool will be updated frequently, check a lot of bugs, including the most critical (SANS Top 20, BugTraq, CERT.
Free Tools
SATAN -- Security Administrator Tool for Analyzing Networks
SAINT -- Security Administrator's Integrated Network Tool -- based on SATAN, GNU
SARA -- Security Auditor's Research Assistant -- similar to SATAN/SAINT check the Freshmeat page
NESSUS -- another free tool
Commercial Tools
ISS has a variety of tools avaiable depending on your needs
NeXpose -- try the free demo, great ui, demo only lets you assess 1 IP at a time though
A Networking Computing article on Vulnerability Assessment tools. Reviews many of the major vendors (so I won't list them all). Includes some of the free tools.
Here is another overview of security tools to get you started.