NetProbe Information -- tool
Robert Owen Thomas (rthomas@pamd.cig.mot.com)
Tue, 29 Aug 1995 10:54:35 -0500
hello, list-folk--
i saw this bit of information on the INFSEC-L list. thought it might be
of interest to all of us.
enjoy.
regards,
--robert
--- Forwarded mail from INFSEC-L Information Security List
<INFSEC-L%ETSUADMN.BITNET@PSUVM.PSU.EDU>
Date: Mon, 28 Aug 1995 14:16:53 -0500
Reply-To: INFSEC-L Information Security List
<INFSEC-L%ETSUADMN.BITNET@PSUVM.PSU.EDU>
From: The Lone Star Maverick <SW5540@ETSUADMN.ETSU.EDU>
Subject: NetProbe Information
To: Multiple recipients of list INFSEC-L
<INFSEC-L%ETSUADMN.BITNET@PSUVM.PSU.EDU>
Since my posting on "NetProbe FAQs" on this list earlier, I've
been flooded with requests concerning how the product could be
obtained or who to contact. The following info might help (as
usual, standard disclaimers apply).......
-- slemo warigon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is human nature to make decisions based on emotion, rather than
fact. But nothing could be more illogical." -- Toshiba Corporation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Description
>
> NetProbe is a network security analysis program that searchs an entire
> network looking for security holes and configuration errors which an
> intruder could use to break into hosts on that network. NetProbe
> checks for 85 security holes, including ones that might be considered
> long since fixed (sometimes the most dangerous). After NetProbe is
> done, it saves all of its results for further analysis and can produce
> easy to read reports from the results.
>
> Features
>
> Operates from one computer.
> Tests any host accepting TCP/IP packets.
> Automatically tests all pingable hosts. No need to specify which
> machines are on the network.
> Runs 85 tests -- all appropriate CERT and CIAC advisories for
> remote access vulnerabilities. Includes many other tests such as
> poorly configured NSF exports and insecure default accounts.
> Quickly probes even large networks. From a Sun SPARC, one test
> can run against 100 hosts in 2 minutes or less. All tests can run
> against 100 hosts in 5 minutes or less.
> Use NetProbe to repeated test for problems resulting from
> installing new software, ineffective security fixes, file
> restorations, undetected intrusions.
> Reports can be tailored by specific date, host or test. Output
> as ASCII or HTML. All runs are stored in a database.
> Report describes vulnerabilities and their fixes. Pointers to
> appropriate CERT and CIAC documents.
> NetProbe must be run with super-user privileges. Licensing
> mechanism uses encryption to ensure that others cannot probe your
> network.
> Test remote-access security from inside and outside firewalls.
> Modular design for easy use and update installation.
> Can be run in "noisy" or "quiet" mode with respect to log
> messages left on probed hosts.
> Easy-to-use interface and simple configuration file.
>
> Contact Information
>
> netprobe@infostructure.com
> (800) 525-1711
> (515) 296-6903
> (515) 296-9910 (fax)
>
> InfoStructure Services & Technologies, Inc.
> 2501 N. Loop Dr.
> Iowa State University Research Park
> Ames, Iowa 50010
> InfoStructure Description
>
> InfoStructure's mission is to provide state-of-the-art products and
> services for contemporary business and government information needs
> specializing in computer and network security, fraud detection, and
> information modeling and mining.
>
> InfoStructure will be in booth #2328 at UNIX Expo '95 in New York
> City.
>
>
> NetProbe is a network security analysis program that searches an
> entire network looking for security holes and configuration errors
> which an intruder could use to break into hosts on that network. The
> program reports any discovered vulnerabilities and how they should be
> corrected.
>
>
> Contact InfoStructure for information on pricing and ordering.
>
> Evaluation Copies Available
>
> Copies of NetProbe are being made available to qualified individuals
> for evaluation purposes. These copies perform all the actual
> vulnerability tests, but are restricted to scanning only a class C
> size network, for a maximum time period of two months. An individual
> must meet ALL of the following criteria to qualify:
>
> - Authorized to perform security scans on a class C size network
> or larger.
> - Individual's organization must have at least 1000 IP addresses,
> with at least 100 pingable hosts on a TCP-IP network.
> - Must have access to a platform running SunOS or Solaris.
> - Must be a US organization. (The code relying on encryption is
> in the process of being approved for export.)
>
> Send email to netprobe@infostructure.com if interested. Corporations
> with over 1,000 pingable machines interested in establishing a
> relationship with IST as a beta site for future versions and new
> security products should respond to the same email address.
>
> InfoStructure Press Releases
>
> Internet Security Tool To Deter Hackers, March 14, 1995
> Internet Security Tool Released, March 31, 1995
> InfoStructure Services and Technologies, Inc.
> 2501 N. Loop Dr.
> Iowa State University Research Park
> Ames, Iowa 50010
>
> For Release: March 31, 1995
>
> Contact:
> Dr. Gregory E. Shannon
> 515-296-6903 (voice)
> 800-525-7976 (voice)
> 515-296-9910 (fax)
> shannon@infostructure.com (e-mail)
> http://www.netins.net/showcase/infostructure/ (URL)
>
> Internet Security Tool Released
>
> AMES, Iowa, March 31, 1995 -- Today, InfoStructure Services &
> Technologies, Inc. started selling NetProbe, a network security
> product, which identifies security holes and advises computer
> operators how to fix them.
>
> The software automatically identifies security holes in networked
> computers which can be remotely exploited by disgruntled employees or
> hackers.
>
> Using encryption, the company ensures that each copy of the software
> can probe only a specified network. InfoStructure provides update
> modules to test for newly identified holes as they are announced on
> the Internet.
>
> NetProbe runs 85 tests against 100 computers in five minutes or less.
> The tests include all of those in the SATAN "freeware", software
> scheduled for release next month with no restrictions on who uses it
> or which networks it probes.
>
> IST Inc., is a computer software and consulting firm at the Iowa State
> University Research Park. IST sells products and services for network
> security and electronic fraud detection.
> InfoStructure Services and Technologies, Inc.
> 2501 N. Loop Dr.
> Iowa State University Research Park
> Ames, Iowa 50010
>
> For Release: March 31, 1995
>
> Contact:
> Dr. Gregory E. Shannon
> 515-296-6903 (voice)
> 800-525-7976 (voice)
> 515-296-9910 (fax)
> shannon@infostructure.com (e-mail)
> http://www.netins.net/showcase/infostructure/ (URL)
>
> Internet Security Tool Released
>
> AMES, Iowa, March 31, 1995 -- Today, InfoStructure Services &
> Technologies, Inc. started selling NetProbe, a network security
> product, which identifies security holes and advises computer
> operators how to fix them.
>
> The software automatically identifies security holes in networked
> computers which can be remotely exploited by disgruntled employees or
> hackers.
>
> Using encryption, the company ensures that each copy of the software
> can probe only a specified network. InfoStructure provides update
> modules to test for newly identified holes as they are announced on
> the Internet.
>
> NetProbe runs 85 tests against 100 computers in five minutes or less.
> The tests include all of those in the SATAN "freeware", software
> scheduled for release next month with no restrictions on who uses it
> or which networks it probes.
>
> IST Inc., is a computer software and consulting firm at the Iowa State
> University Research Park. IST sells products and services for network
> security and electronic fraud detection.
> InfoStructure Services and Technologies, Inc.
> 2501 N. Loop Dr.
> Iowa State University Research Park
> Ames, Iowa 50010
>
> For Release: March 14, 1995
>
> Contact:
> Dr. Gregory E. Shannon
> 515-296-6903 (voice)
> 800-525-7976 (voice)
> 515-296-9910 (fax)
> shannon@infostructure.com (e-mail)
> http://www.netins.net/showcase/infostructure/ (URL)
>
> Internet Security Tool To Deter Hackers
>
> AMES, Iowa, March 14, 1995 -- Julius Caesar, of the Iron Age, was
> killed on the Ides of March just over 2,000 years ago according to
> Shakespeare. He died due to insufficient security against iron
> weapons. Today, an Ames, Iowa, company announced a new computer
> security system to help the Caesars of the Information Age defend
> themselves and their information against information weapons.
>
> "Our computer security product, NetProbeTM, identifies security holes
> and advises computer systems operators how to fix those holes before
> an Internet pirate can exploit them," said Dr. Gregory E. Shannon,
> President of InfoStructure Services and Technologies, Inc., (IST). The
> company will begin selling the software on March 31.
>
> "The need for security improvement is partially driven by powerful
> tools which will soon be released as freeware on the Internet and thus
> will soon be in the hands of computer hackers," said Shannon.
>
> A computer system operator "running NetProbeTM over his or her network
> can assess how secure the network is from internal and external attack
> and assess it far faster than previously possible," said Mike Neuman,
> principal author of the software and former system administrator at
> Los Alamos National Laboratory.
>
> Network administrators are becoming increasingly aware how vulnerable
> their networks are to attack from electronic thieves, joy riders, and
> even a modern day Brutus attack from the inside. These vulnerabilities
> increase as firms link their local networks to the information
> superhighway. The recent FBI arrest of the infamous computer hacker,
> Kevin Mitnik, represents the tip of the iceberg in the area of
> computer assisted crime.
>
> "Hackers and disgruntled employees have the opportunity to cause
> tremendous harm to a company. They can browse in restricted files,
> degrade computer performance and corrupt data," said Neuman.
>
> The need may increase dramatically after April 5th, when a new network
> probing tool is scheduled to be released onto the Internet. This will
> be a freely distributed tool which could make it far easier for
> hackers to break into systems. At present, a hacker has to keep
> probing a network for exploitable weaknesses. Soon hackers will be
> able to point one of these tools at an organizations network and let
> it automatically probe for security holes while they enjoy a game on
> the Internet.
>
> The NetProbe(TM) software was developed as a result of the computer
> security experience of the authors and IST staff at the Los Alamos
> National Laboratory operated by the U.S. Department of Energy. IST
> Inc., is a computer software and consulting firm located at the Iowa
> State University Research Park. IST sells products and services for
> computer security and fraud detection in text based data streams such
> as tax returns or insurance claims.
---End of forwarded mail from INFSEC-L Information Security List
<INFSEC-L%ETSUADMN.BITNET@PSUVM.PSU.EDU>
--
o robert owen thomas: unix consultant. cymro ydw i. user scratching post. o
o e-mail: Robert.Thomas@pamd.cig.mot.com --or-- robt@cymru.com o
o vox: 708.435.7076 fax: 708.435.7360 o
o "When I die, I want to go sleeping, like my grandfather... o
o Not screaming, like the passengers in his car." o