[Dshield] Possible problem? {Scanned}

Chris Brenton cbrenton at chrisbrenton.org
Tue Mar 15 11:04:38 GMT 2005

On Mon, 2005-03-14 at 17:32, John Faubion wrote:
> > Any server that is directly attached to the Internet should be SANS 20
> > certified.  Here is the URL on it:
> >
> > http://www.sans.org/top20/
> Does anyone know of a tool to scan for the SANS top 20 that is NOT a feeler
> to sell you a monthly service to monitor your site?

In short "good luck". 

I was the one who created the certification center for the original SANS
top 10 list. There were a ton of vulnerability scanners out there that
claimed to test all the items on the top 10 list. What I set up was a
free service that certified these scanners as actually testing these
items. At the time the center was created, none of the scanners that
claimed to test all the top 10 items actually did.

This was quite a learning experience for me. What I found was many of
the open source vulnerability scanners (Sara and Nessus come to mind as
two of the best) got their act together pretty quickly. Usually within a
couple of tries they got to a point where they were doing a very
complete scan and actually received certification.

The commercial vulnerability scanners were another story. Most *never*
got it right. I remember one product in particular (which will remain
nameless because it's still on the market) went round and round between
testing and their developers at least 2 dozen times. They could not get
to a point where they were even testing eight of the items, let alone
all ten. I think just after I left the project one commercial product
actually got certified. 

The top 10 list was far more of a pointed action item list that told you
the top 10 things to fix on your network to get the biggest security
improvement. The top 20 list is more of a generic description of the
typical security problem areas. I'm hard pressed to see how a scanner
could test some of the more esoteric items like "browser settings" or
"mail client setup". 

