Introduction

Collecting and tying together your own set of security scanning tools can be time consuming. Even if you do spend the time, they might not work together as well as you'd like or offer all of the features you need. Integrated tools are available some commercial, some free that can provide the features you need.

The automated tools fall into two categories. The first category will attempt to identify vulnerabilities on a system based on a list of known vulnerabilities, sometimes called checks or signatures, without actually exploiting them. This category has been around the longest, and many of the security software vendors offer such a product. They are usually called a vulnerability assessment tool or a remote vulnerability scanner. The second category is tools that will attempt to exploit security holes, and in some cases, use the newly compromised victim to further penetrate into a network. This category is newer, and in fact, tools have only been announced and are not yet available to the public. The first category is primarily intended for security administrators to evaluate their network for vulnerabilities. The second category is intended for use primarily by penetration testers.

These automated tools can be a great help, especially when many hosts must be evaluated for weaknesses. Of course, the tools are not all-powerful, and will ultimately require a knowledgeable human to interpret the results. Like any set of signatures, these tools can report both false positives and false negatives. If you are attempting...