I really like those self-proclaimed security auditors who come to you and say they can "detect" security flaws in your products and charge you a butt load of money for it. I must say, they did some good work in convincing you.
But seriously speaking, many so-called "sec auditors" out there are just a load of script kiddies who run tools, then Google the findings and look for resolutions, and last but not least, send you their bill. Well, I am not sure if there's a magician's code for security auditors not to "reveal" their tricks to the public; I don't really care, actually.
So here's a quick trick to become a sufficient auditor (note: by "sufficient" I mean basic, or enough-for-now level). Try Nessus 3.0. It's a vulnerability scanner for almost anything that has an IP address (almost).
It's an awesome tool that I personally use too when performing audits, but I would provide this type of auditing for free!
I would suggest that organizations, large or small, run a basic security audit on all deployed servers, devices, routers, or, like I said, anything with an IP address, to see whether it is at least secured against the known vulnerabilities out there.
Nessus is fast and agentless, runs on many *nix flavors, Windows, Solaris and Macs, and even checks patch levels if configured to do so (the patch-level checks log in to the host, so they need valid SSH or Windows credentials). Now try it out for yourself, but read the how-to guide first, then start. Some scans can crash servers, so be extremely careful when running against a live environment: leave the scanner's "safe checks" option enabled unless you have explicit permission to run the destructive tests, and scan production hosts in a maintenance window.
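To make the "be careful on a live environment" point concrete, here is a short nessusd.conf fragment. It is an added example, not configuration from the original post or from Tenable's documentation; it assumes the Nessus 3 Linux layout, where the daemon's configuration lives at /opt/nessus/etc/nessus/nessusd.conf, and the numeric limits are illustrative values to tune for your own network.

```ini
# /opt/nessus/etc/nessus/nessusd.conf (assumed path for Nessus 3 on Linux)
# Example fragment, not the shipped default file.

# Keep the scanner from running plugins known to crash or hang services.
# This is the default, but make it explicit so nobody flips it by accident.
safe_checks = yes

# Throttle the scan so a fragile box is not hit by many checks at once.
# Illustrative values: lower them for embedded devices and old servers.
max_hosts = 10
max_checks = 4
```

With safe_checks on, Nessus relies on banners and version information instead of actually triggering a crash condition, so a "vulnerable" result is an inference that you should confirm by hand before reporting it. Lower max_hosts and max_checks on subnets full of printers, switches and legacy appliances, which are the hosts most likely to fall over under a scan.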
And... drum roll... the best part is, it's FREE!!! Enjoy!
Brought to you by the good folks at Tenable (http://www.tenablesecurity.com)
Nessus 3.0 download link: http://www.nessus.org/download/
Nessus 3.0 FAQ: http://www.nessus.org/plugins/index.php?view=faq
The Nessus vulnerability scanner is the world leader in active scanners, featuring high-speed discovery, asset profiling, and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks.
They can also be made available for ad-hoc scanning, daily scans, and quick-response audits. When managed with the Security Center, vulnerability recommendations can be sent to the responsible parties, remediation can be tracked, and security patches can be audited. Nessus is supported by a world renowned research team and has the largest vulnerability knowledge base, making it suitable for even the most complex environments.