In my previous tip, I reported on my positive experiences with the latest version (1.2) of the Microsoft Baseline Security Analyzer. That exercise, along with some recent work using a protocol analyzer to capture indications of port scans or denial of service attacks at work, got me thinking about the various forms that security scans can take. Although MBSA 1.2 is and remains a worthy and worthwhile tool, the value of external (and internal) security scans is nearly impossible to overrate. This led me to refresh my knowledge base on the subject of security scanners you can download and run on a Windows machine, to inspect and evaluate security posture from inside or outside a network.
(Note: the following tools are all great for loading onto a mobile laptop that can become a security scanning station you can use in a variety of situations and circumstances.)
All of the following tools are either free or shareware, or their vendors offer limited-time, full-featured, free evaluations in hopes of enticing you to part with some of your hard-earned cash. All have been positively reviewed in many places, and are worth fooling around with, if not making a part of your Windows security toolbox.
- GFI LANguard Network Security Scanner (Freeware edition, commercial version available): GFI LANguard NSS remains one of the best standalone security scanners available, but the freeware edition no longer keeps pace with the commercial product, and the commercial product is not cheap.
- NetworkActiv Scanner 4.0 (Shareware and freeware editions available): Although this scanner is a bit dated, the $15 shareware version includes a very nice collection of IP diagnostic and scanning tools for which numerous other vendors charge more. Not a complete scanning solution, but a terrific value for the money.
- Nmap (download page; freeware): A self-professed hacking tool from a self-professed hacker, the most up-to-date version of Nmap for Windows requires working from the command line with single-minded dedication. Despite its lack of a glitzy GUI (which is available for other platforms that support X Windows), this is a solid, capable security scanning tool that, despite its admitted Unix/Linux bias, really does the job.
- pcAudit (freeware; commercial product suite available): A nice little desktop PC security evaluation program from Internet Security Alliance, Inc. This one takes the approach of simulating malware running on the PC: the software tries to communicate with an ISA server, and the result serves as a measure of security and protection levels.
- STAT (commercial product; 30-day eval available): This is Harris Corporation's full-featured security scanning product that features broad coverage, regular updates, and nice automation and reporting features. If you want to use it in production, it will cost you dearly, but it's the only item in this list that meets the Common Criteria for security (established by a joint working group from the US, the EU, and other countries to replace the aging Orange Book and other DoD security requirements, as well as a second generation of specifications developed in Europe in the early 1990s). For those interested in and able to pay for a "Cadillac solution," this is it!
If you spend a little time looking into and using one or more of the items on this list, you'll probably find something worth keeping around.
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years' experience in the networking industry, and co-author of several books on networking, most recently, CCSP: Secure PIX and Secure VPN Study Guide, published by Sybex.
This was first published in June 2004