
Testing


This section has information on some of the products and services that you can use to test your systems for configuration errors and vulnerabilities at home and at the office.
 

Home Services

 

Finjan Security Test Center

The free test center uses a number of safe tests to check your system for vulnerabilities that may allow malicious code in web pages, downloads or email to run on your PC.  The Test Center can be found at http://www.finjan.com/mcrc/sec_test.cfm.

Hacker Whacker

This online subscription service tests your PC for vulnerabilities. The web site also has information on security issues and links to other security-related sites. You can run a free, limited scan to try out the service. The site is at http://www.hackerwhacker.com.

 

Leaktest

This free test checks your personal firewall to see if it can prevent Trojan programs from leaking your information to third parties. For more information, or to download and run the test software, go to http://grc.com.

 

Qualys IE Check-Up

This is a free online service that checks for vulnerabilities in your Internet Explorer installation. The tests are safe. It checks for things such as whether an attacker could access your hard disk or run a file or program, and it provides information on how to fix the issues found. To use the service go to http://browsercheck.qualys.com.

 


http://grc.com/

The free tests, Test my Shields! and Probe My Ports!, test the ability of a third party to access your PC over the Internet and look for vulnerable ports. For more information and to run the tests go to http://grc.com or click on the Shields Up! link above or on the home page of this site.

 

Sygate Online Services

This free check looks at your system for vulnerabilities that would allow a hacker to enter your system. It is primarily a testing tool for the Sygate Personal Firewall and Personal Firewall Pro products and is available at http://www.sygatetech.com.

 

Symantec Security Check for Home Users

This free service uses Symantec's technology to scan your PC to see how vulnerable you are to Internet threats and offers advice on remaining secure. It can also scan for viruses and malicious code. Another feature of the scan is that it can tell if you are running one of the main anti-virus programs and whether it is as up to date as it should be. Go to http://www.symantec.com/securitycheck/ to access this free service.


Corporate Services

 

Beyond Security Automated Scanning

Beyond Security offers both online and internal server-based vulnerability assessment products. The Internet solution provides regular vulnerability checks on your network. After the check you are given a detailed report telling you how exposed you are, rating the risk (low, medium and high), and listing the problems that were found and how to fix them. The internal assessment product uses a server maintained by Beyond Security at your premises. All analysis is internal with no connection to the Internet. The reports are similar to those of the online service, and a comparative analysis of current and previous reports can be made. For more information go to http://www.automatedscanning.com.

 

Bindview BV-Control for Windows

This system assesses security in Windows NT and 2000. It allows you to analyse the issues and then resolve them. Some areas it can check are password strength, unused accounts, user rights, registry settings and unapproved files. The system uses Bindview Security Advisor to check that your systems are running the latest Microsoft patches and updates. The system is updated automatically every time Microsoft releases a security patch. Flexible reporting allows different styles of documentation depending on the target audience. Real-time monitoring and alerting means that administrators can react to issues before they become critical. The product is also available for other platforms such as UNIX and Exchange. Go to http://www.bindview.com for more information.

 

GFI Email Security Test

This free service tests various aspects of your email system by sending you innocent attachments. The behaviour of your system towards these attachments determines how secure your system is. You can also sign up for the GFI Security newsletter. For more information go to http://www.gfi.com/emailsecuritytest/.

 

GFI LANguard Network Security Scanner

This product (free for non-commercial use) can be used to scan equipment on your network for vulnerabilities. It can check shares and open ports and make an inventory of your network. It can also detect Trojan Horse activity, unused accounts and password strengths, and see whether the systems are advertising information that may be useful to a potential attacker. The commercial version allows you to analyse results against previous tests to highlight new issues. For more information and to download the software go to http://www.gfisoftware.com.

 

Hacker Whacker

This online subscription service tests PCs on your network for vulnerabilities. The web site also has information on security issues and links to other security-related sites. You can run a free, limited scan to try out the service. The site is at http://www.hackerwhacker.com.

 

Harris STAT Scanner Professional Edition

This system checks Windows, Solaris, Unix and Linux systems for vulnerabilities. Risks are rated, letting you concentrate on the most critical issues first. Solutions are described and the locations of relevant patches and information are provided. Automatic fix capabilities are available for some issues and reports can be configured depending on the target audience. The database of vulnerabilities is updated every month. For more information, or a time-limited evaluation copy, go to http://www.statonline.harris.com/solutions/vuln_assess/index.asp.

 

Harris STAT Analyser

This product is used to manage multiple vulnerability assessment tools. The Harris STAT Scanner, WhatsUp Gold and NMAP are all included. It allows you to manage assessments using multiple scanners (if you wish), consolidates the results and provides expert analysis and reporting. Fault-fixing capabilities are also available. You can configure scans based on your corporate security policy. For more information go to http://www.statonline.harris.com/solutions/sec_policy/.

 

Microsoft Baseline Security Analyser

This is a free tool that can be used to check systems for misconfigurations (such as weak passwords), vulnerabilities and missing hotfixes in Windows NT 4, XP and 2000, Internet Information Server (IIS), SQL Server, IE 5.01 and above, and Office 2000 & XP. More information, and the free download, can be found at: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp. It uses the HFNetChk engine that was developed by Shavlik Technologies. Enhanced versions of this engine (HFNetChkPro and Enterprise Inspector) and other tools are available from Shavlik Technologies. Check out their web site at http://www.shavlik.com.

 

Intranode ActiveSentry

This is a vulnerability assessment tool for Internet-facing systems. It detects visible systems, audits them (by using hacker-like techniques) and then reports its findings. The vulnerability database is updated each day using information from world-renowned sources (such as SecurityFocus and CERT). Two levels of audit can be carried out. One provides a list of potential vulnerabilities and the other, an in-depth audit, gives a detailed report of real vulnerabilities. Two types of report are available, technical and executive. The technical report provides detailed descriptions of the vulnerabilities found, explains the potential level of risk caused by their exploitation and gives information on ways to remove or reduce the risks. The executive report allows you to make decisions based on the vulnerabilities encountered. It enables you to manage costs and effort in order to reduce the risks to a minimum. Audits take place automatically every 14 days and can also be run manually when required. For more information go to http://www.intranode.com/en/pg/as_ws/as_intro_en.htm.


 

Intranode Vulnerability Management Suite

This is a proactive internal vulnerability assessment system. Systems are tested for compliance with your security policy and against a regularly updated list of vulnerabilities. Mapping features let you see exactly what is on your network and you can view new vulnerabilities which have appeared since the last scan. See http://www.intranode.com/en/pg/vmsuite/vmsuite_intro_en.htm for details.

 

Nessus

This is a free vulnerability scanner that runs on Unix, Solaris and Linux. The signature database is updated daily, meaning that your system can be checked for the latest threats. It tests your system either safely or by attempting the types of attack that a hacker would attempt, which may interrupt your services (but at least you are expecting it). The issues found are rated on risk so that you can concentrate on the most important issues first. Information on how to resolve some of the issues will also be displayed. Plug-ins can be added to enhance the scanner. For more information go to http://www.nessus.com.

 

NTA Monitor

This organisation specialises in penetration testing for organisations. Additional services such as wardialling vulnerability testing are also available in the UK. They are members of the UK CHECK scheme, which is a government scheme to ensure that organisations adhere to strict guidelines while performing tests and are adequately trained to do so. Go to http://www.nta-monitor.com for full details of their services.

 

Outpost OutScan

OutScan is an automated perimeter vulnerability scanning service that uses both proprietary and public domain tools to check your system at scheduled intervals (once a week for instance). New vulnerabilities are constantly being added to the test database to ensure that you can test against the latest threats. Go to http://www.outpost24.com for more details.

 

Outpost HIAB

This is a version of OutScan that has been designed to test the inside of your network for vulnerabilities. You can choose minimal or exhaustive tests and you can run on-demand testing or schedule the system to scan at set times. Vulnerability information includes references to both BugTraq and CVE data, ensuring that clear details of the issues found are available. Go to http://www.outpost24.com for more details.

 

Portcullis

Portcullis offer vulnerability scanning and penetration testing services in the UK. They are members of the UK CHECK scheme which is a government scheme to ensure that organisations adhere to strict guidelines while performing tests and are adequately trained to do so. Their web site is at http://www.portcullis.co.uk.

 

QualysGuard

This online vulnerability assessment service audits your systems, looking for vulnerabilities. The vulnerability database is constantly updated from multiple sources, including Bugtraq. You can track your remediation activities centrally to ensure that you are in control at all times. For more information, a free trial or to buy the product go to http://www.qualys.com. There are also a number of free-to-use QualysGuard tests available.

 

Secunia Test Zone

There are three free tests from Secunia: a browser checker that checks that your browser, plug-ins and associated programs are up to date, a vulnerability scanner that uses Nessus against a single IP address, and an online virus checker that uses the Panda ActiveScan system. Go to http://www.secunia.com for details.

 

SecureTest

SecureTest provide penetration testing, vulnerability assessment and training in the UK. They use Vigilante products for the vulnerability testing. They are members of the UK CHECK scheme, which is a government scheme to ensure that organisations adhere to strict guidelines while performing tests and are adequately trained to do so. Go to http://www.securetest.com for information on their range of services.

 

Shavlik Account Inspector

Checks for accounts with no or weak passwords, no expiry, not accessed, old passwords etc. Many functions including report exporting to Excel for detailed analysis. For more information go to http://www.shavlik.com.

 

St Bernard ExpertUpdate

This product aids the identification, delivery and implementation of updates and hotfixes over a wide range of Microsoft products. You can check your systems to see what's missing and print reports to track your status. For more information, to purchase the product or download a free trial go to http://www.stbernard.com.

 

Symantec Vulnerability Assessment

This system allows you to automatically audit your systems against a regularly updated database of vulnerabilities (indexed to Bugtraq and CVE). Remediation information is provided to allow you to fix your systems if vulnerabilities are identified. The system can be linked to the Symantec Enterprise Security Manager system to allow for compliance checking against corporate policy. In order to track vulnerability fixes you can link the system to the Symantec Incident Manager product. Go to http://enterprisesecurity.symantec.com/products/products.cfm?productid=188&EID=0.


Symantec NetRecon

This multi-platform network-wide vulnerability assessment tool is able to learn from its results and use the information gained in future scans. It scans your systems, emulating hacker-like behaviour to uncover vulnerabilities. As well as reporting on the issues and recommending fixes for them it describes the steps involved in discovering them. Vulnerability updates can be automatically downloaded from the Internet on a regular basis. Reports can be tailored for the intended audience. For more information go to http://enterprisesecurity.symantec.com/products/products.cfm?productid=46&PID=na&EID=0.   

 

Intrusion SecurityAnalyst

This system (formerly known as Kane Security Analyst) allows you to audit your system configuration to check for non-conformances against your policies. It checks account restrictions and password strengths, confirms what resources accounts have access to, checks which auditing and logging services are running, and performs checks on data integrity and confidentiality settings. No agents need to be installed on the machines to be audited; everything is run from one machine. It produces customisable reports. For more information go to http://www.intrusion.com/products/va.asp.

 

Retina

This product (from eEye Digital Security) checks your systems for vulnerabilities and compatibility with your defined corporate policies (password rules etc). It uses artificial intelligence technology to look for potential vulnerabilities (not just those published in a database). You can decide which audits you want to run and you can design your own tests to tailor the system to your organisation's particular needs. There is also an option to get the system to automatically fix common configuration issues. The reporting tools allow for in-depth and high-level reports, giving adequate information for support and management. The various parts of the product can be updated regularly over the Internet. It can scan multiple platforms (NT, XP, Unix, Linux, routers and firewalls etc.). eEye Digital Security have teamed up with St. Bernard Software, publishers of ExpertUpdate, to provide a joint vulnerability assessment and product update solution. Information can be found on their web site at http://www.eeye.com/html/Products/Retina/index.html.

       

Vigilante SecureScan NX

This tool uses agents installed in your network components (including firewalls) to allow you to scan your entire network from a single console. Vulnerabilities are constantly being added to the testing schedule. Vulnerabilities are rated, allowing you to concentrate on the most critical issues first. Reports can be configured based on the intended recipient and comparative analysis can help define trends. Links to vendor alerts, security fixes and software patches are maintained, reducing the resource required to do this yourself. For more information go to http://www.vigilante.com/securescan/nx/product_description.htm.

 

Vigilante SecureScan Perimeter

This is an assessment tool for your Internet-facing systems. Tests are initiated over the Internet (as a hacker would), starting at the firewall and making their way inside your infrastructure. It checks for all known vulnerabilities and creates a report on the issues found and resolution options. The risks found are prioritised, allowing you to concentrate on the most critical issues first. Reports can be customised depending on the intended recipient and comparisons to previous results can be used to define trends. The latest vulnerabilities are constantly added to the testing schedule to ensure that you are protected against the latest threats. For more information go to http://www.vigilante.com/securescan/perimeter/product_description.htm.

 

Last Updated 16/11/2003