<div>
port scanning<br />
IP range scanning<br />
you can use a variety of tools - normally done by proper pen test companys - <br />
Back Track Live CD is a good start for these kond of tools - in the wrong hands it might be used to hack in the right hands its used to probe and asses 
</div>


port scanning
IP range scanning
you can use a variety of tools - normally done by proper pen test companys -
Back Track Live CD is a good start for these kond of tools - in the wrong hands it might be used to hack in the right hands its used to probe and asses

<div>
1. &nbsp; &nbsp; &nbsp;Nessus (Linux if you can) <a href="http://www.nessus.org/nessus/" rel="ugc">http://www.nessus.org/nessus/</a><br />
2. &nbsp; &nbsp; &nbsp;Nikto (Linux) <a href="http://www.cirt.net/nikto2" rel="ugc">http://www.cirt.net/nikto2</a><br />
3. &nbsp; &nbsp; &nbsp;Paros proxy (Linux if you can) <a href="http://www.parosproxy.org/index.shtml" rel="ugc">http://www.parosproxy.org/index.shtml</a><br />
4. &nbsp; &nbsp; &nbsp;Ike-scan (Linux) <a href="http://www.nta-monitor.com/tools/ike-scan/" rel="ugc">http://www.nta-monitor.com/tools/ike-scan/</a><br />
5. &nbsp; &nbsp; &nbsp;SARA (Security Auditor's Research Assistant) (Linux) <a href="http://www-arc.com/sara/" rel="ugc">http://www-arc.com/sara/</a><br />
6. &nbsp; &nbsp; &nbsp;MBSA (discutable) <a href="http://technet.microsoft.com/en-us/security/cc184923.aspx" rel="ugc">http://technet.microsoft.com/en-us/security/cc184923.aspx</a><br />
7. &nbsp; &nbsp; &nbsp;AppScan from IBM <a href="http://www-01.ibm.com/software/awdtools/appscan/" rel="ugc">http://www-01.ibm.com/software/awdtools/appscan/</a><br />
8. &nbsp; &nbsp; &nbsp;<a href="http://www.backtrack-linux.org/" rel="ugc">http://www.backtrack-linux.org/</a> &nbsp; &nbsp; <a href="http://en.wikipedia.org/wiki/BackTrack" rel="ugc">http://en.wikipedia.org/wiki/BackTrack</a>&nbsp; &nbsp; <a href="http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf" rel="ugc">http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf</a><br />
<br />
check <br />
<a href="http://sectools.org/index.html" rel="ugc">http://sectools.org/index.html</a><br />
<a href="http://sectools.org/vuln-scanners.html" rel="ugc">http://sectools.org/vuln-scanners.html</a><br />

</div>


1.      Nessus (Linux if you can) http://www.nessus.org/nessus/ [http://www.nessus.org/nessus/]
2.      Nikto (Linux) http://www.cirt.net/nikto2 [http://www.cirt.net/nikto2]
3.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml [http://www.parosproxy.org/index.shtml]
4.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/ [http://www.nta-monitor.com/tools/ike-scan/]
5.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/ [http://www-arc.com/sara/]
6.      MBSA (discutable) http://technet.microsoft.com/en-us/security/cc184923.aspx [http://technet.microsoft.com/en-us/security/cc184923.aspx]
7.      AppScan from IBM http://www-01.ibm.com/software/awdtools/appscan/ [http://www-01.ibm.com/software/awdtools/appscan/]
8.      http://www.backtrack-linux.org/ [http://www.backtrack-linux.org/]     http://en.wikipedia.org/wiki/BackTrack [http://en.wikipedia.org/wiki/BackTrack]    http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf [http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf]

check
http://sectools.org/index.html [http://sectools.org/index.html]
http://sectools.org/vuln-scanners.html [http://sectools.org/vuln-scanners.html]


<div>
<div class="content wysiwyg-content">
Hi,<br />
I have a Interview shortly but they are asking for Vulnerability assesment , how to do this and what tools do generally N/W engineers use in their organizations<br />
<br />
Regards<br />
Ramu<br />

</div>
</div>


Hi,
I have a Interview shortly but they are asking for Vulnerability assesment , how to do this and what tools do generally N/W engineers use in their organizations

Regards
Ramu


Vulnerability Assesment of Routers/Firewalls

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.