[AusNOG] Security Audit Tools - what's good ?

Mister Pink misterpink at gmail.com
Wed Apr 13 11:54:27 EST 2016 

I would agree Nessus will do this if you do a credentialed scan and it's a
really great tool to have in your arsenal anyway - if you are not currently
doing regular VA's you should because things change and new vulns come to
light all the time.

Dont overlook Microsofts MSBSA (
https://www.microsoft.com/en-us/download/details.aspx?id=7558) it will do
most of what you are asking for free.

There are also the CIS benchmarking tools, but these probably go above and
beyond what you are asking.
The other thing worth checking out is a tool called PAWS Studio (
https://www.titania.com/products/paws-studio) from Titania (who make
Nipper) it is primarily targeted at US Federal compliance requirements, but
there is a free trial, so you can give it shot and see if it meets your
needs.

Eric

On 13 April 2016 at 11:34, Tim Raphael <raphael.timothy at gmail.com> wrote:

> I’ve heard very good things about Nessus:
> http://www.tenable.com/products/nessus-vulnerability-scanner
>
> It can do an awful lot and produces some very nice reports.
>
> - Tim
>
>
> On 13 Apr 2016, at 9:25 AM, paul+ausnog at oxygennetworks.com.au wrote:
>
> Hi All, we are looking for a decent security audit tool for Windows
> servers which we can run against customer servers both in the DC and in the
> field.
>
> We are looking for something that can audit account policies, file system
> security, and generally determine if the system is secure and doesn’t have
> any blank passwords, open shares, that sort of thing.
>
> We would probably be charging for the audit so don’t mind paying a
> reasonable amount for good software which can produce a decent report, open
> source would be great but I realise that finding something good would
> probably mean spending some decent coin.
>
> Any suggestions would be appreciated.
>
> Thanks
> Paul
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160413/e75f6aa9/attachment.html>

More information about the AusNOG mailing list