Free scanning tools to check OS & network security hardening / compliance

Q1:
I know Nessus used to be free but not anymore but I don't mind getting
an old free copy of Nessus just for some refreshing to familiarize.  let
me know if where I can download

Q2:
Also looking for non-intrusive tools (ie those that don't make changes
to the OS / apps / DB) that collects info like password strength, password
locking is enabled, non-recommended services like ftp & telnet servers
are disabled, when was the last security patch updates for Windows
2003/2008/2012 & MS SQL, Linux, Solaris

Q3:
For network switches/routers, looking for tools that ensure hardenings
are done, eg: on Cisco switches, we want to verify if "no ip http-server",
"icmp unreachables" etc are implemented.  Let me know any free tools
I can get to do these
sunhuxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Q1 - Nessus is still free for evaluation and home users but limited. You can still use it for scanning just that the compliance checks excluded.
http://www.tenable.com/products/nessus/editions
http://sectools.org/search/?q=nessus
Also the open-source version of Nessus was forked by a group of users who still develop it under the OpenVAS name. The latter came with a virtual appliance (ova) for quick deployment and demo try out
http://www.openvas.org/software.html#feature_overview
http://www.openvas.org/vm.html

There is a old article on the comparison bwt nessus and openvas, the former wins in the plugin support but capability will be of par
http://security.lss.hr/images/stories/documents/Nessus_vs_OpenVAS_en.pdf

Q2 - I was thinking OpenVAS supporting OVAL may help though not intensively tested and I am not certain as not seen it in action. The OVAL Interpreter is a freely available reference implementation that demonstrates the evaluation of OVAL Definitions. Based on a set of OVAL Definitions the interpreter collects system information, evaluates it, and generates a detailed OVAL Results file.
https://oval.mitre.org/
http://sourceforge.net/projects/ovaldi/

can catch its old compendium as read first. It is using NVT and probably the Network Vulnerability Tests (NVTs) will lead to compliance checks
http://www.openvas.org/compendium/consider-coverage-of-available-vulnerability-tests.html
http://www.openvas.org/compendium/scan-options.html

Another on OpenSCAP which validate SCAP scheme based info with XCCDF language which most NIST DISA STIG and Checklist Program list may provide. XCCDF is a standard way of expressing checklist content.
http://www.open-scap.org/page/Main_Page
http://web.nvd.nist.gov/view/ncp/repository
http://iase.disa.mil/stigs/

Also there is a OVAL based tool that

Microsoft Security compliance Mgr uses MS guidance and documentation—including the previously stand-alone product-specific security guides—and incorporates it into one tool, enabling you to access and automate all of your organization’s security baselines in a centralized location.
Article (old) - http://technet.microsoft.com/en-us/magazine/hh489604.aspx
Latest - http://technet.microsoft.com/en-us/library/cc677002.aspx
FAQ - http://social.technet.microsoft.com/wiki/contents/articles/1836.microsoft-security-compliance-manager-scm-frequently-asked-questions-faq.aspx

Network Hotfix Scanner (almost like MBSA) -  free hotfix check utility that scans network computers for missing hotfixes and patches.
http://www.nsauditor.com/network_tools/network_hotfix_scanner.html#.UiLj1zZmhcY

Seccubus automates regular vulnerability scans with Nessus and OpenVAS and provides delta reporting. http://www.seccubus.com/

Q3 - I was thinking of nipper studio (limited one called "nipper")
http://sourceforge.net/projects/nipper/
https://www.titania-security.com/nipperstudio/securityauditing
... and firewall mgr (free one called "Firewall Browser", Solarwinda has quite a list)
http://www.solarwinds.com/firewall-security-manager/firewall-management.aspx
http://www.solarwinds.com/downloads/

More commonly, the use of CIS benmark and audit tool
http://benchmarks.cisecurity.org/downloads/benchmarks/
https://benchmarks.cisecurity.org/downloads/audit-tools/

e.g. CIS Configuration Assessment Tool (CIS-CAT)—A Java-based tool that compares the configuration of target IT systems to CIS Benchmarks and reports conformance scores on a scale of 0-100.

e.g. Router Assessment Tool (RAT) - CIS RAT assesses target devices for conformance with the CIS Benchmarks for Cisco Router IOS and Cisco PIX firewalls.

e.g. others include Apache Benchmark Tool,  and UNIX Assessment Tools
0
madunix (Fadi SODAH)Commented:
Nessus is not freeware for a business. Only for educational or personal use.  I would also check others:

www.rapid7.com
www.qualys.com
www.eeye.com 
www.saintcorporation.com 
www.foundstone.com 



 See also the following links:
1.      Nikto (Linux) http://www.cirt.net/nikto2
2.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
3.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
4.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
5.      MBSA (discutable) http://technet.microsoft.com/en-us/security/cc184923.aspx
6.      AppScan from IBM http://www-01.ibm.com/software/awdtools/appscan/
7.      BT http://www.backtrack-linux.org/
8.      Meta http://www.metasploit.com/
9.      SEC http://sectools.org/
10.    PEN http://www.pentest-standard.org/
11.    Hak http://hakin9.org/
12.    Lab http://labmice.techtarget.com/security/penetration.htm







http://projects.webappsec.org/Web-Application-Security-Scanner-List

Commercial Tools:
----------------------
Acunetix WVS by Acunetix
AppScan by IBM
Burp Suite Professional by PortSwigger
Hailstorm by Cenzic
N-Stalker by N-Stalker
Nessus by Tenable Network Security
NetSparker by Mavituna Security
NeXpose by Rapid7
NTOSpider by NTObjectives
ParosPro by MileSCAN Technologies
Retina Web Security Scanner by eEye Digital Security
WebApp360 by nCircle
WebInspect by HP
WebKing by Parasoft
Websecurify by GNUCITIZEN




 
Software-as-a-Service Providers:
------------------------------------------
AppScan OnDemand by IBM
ClickToSecure by Cenzic
QualysGuard Web Application Scanning by Qualys
Sentinel by WhiteHat
Veracode Web Application Security by Veracode
VUPEN Web Application Security Scanner by VUPEN Security
WebInspect by HP
WebScanService by Elanize KG



Free / Open Source Tools:
-------------------------------
Arachni by Tasos Laskos
Grabber by Romain Gaucher
Grendel-Scan by David Byrne and Eric Duprey
Paros by Chinotec
Andiparos
Zed Attack Proxy
Powerfuzzer by Marcin Kozlowski
SecurityQA Toolbar by iSEC Partners
Skipfish by Michal Zalewski
W3AF by Andres Riancho
Wapiti by Nicolas Surribas
Watcher by Casaba Security
WATOBO by siberas
Websecurify by GNUCITIZEN
Zero Day Scan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
Q3 - adding specific to CISCO

Nessus plugin (ID 46689) named “Cisco IOS Compliance Checks” (also based on CIS benchmark set for CISCO),  Cisco RAT from CIS may only provide rudimentary auditing capability so Nessus still win a par above
http://www.tenable.com/blog/nessus-cisco-compliance-checks

This may not be totally useful in config but at least targeted patches are covered by Cisco IOS Software Checker tool to search for Cisco Security Advisories that address specific Cisco IOS Software releases
http://tools.cisco.com/security/center/selectIOSVersion.x

Not free but worth catching it the CISCO scanning demo by QualysGuard Policy Compliance (using QualysGuard Express type)
https://community.qualys.com/docs/DOC-2116
(if interested, catch the comparison btw subscription types)
0
Sudeep SharmaTechnical DesignerCommented:
Aren't we missing  NMAP for scanning open ports and also vulnerability scans?

http://nmap.org/

All the other tools are also listed on the above site:

Vulnerabilit scanners:
http://sectools.org/tag/vuln-scanners/

Web Scanners:
http://sectools.org/tag/web-scanners/

Wireless Tools:
http://sectools.org/tag/wireless/

Packer Sniffers:
http://sectools.org/tag/sniffers/

Password Crackers:
http://sectools.org/tag/crackers/

Sudeep
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Vulnerabilities

From novice to tech pro — start learning today.