Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE Manual page 91

Chapter 8. Vulnerability Assessment
Note
Nikto is not included with Red Hat Enterprise Linux and is not supported. It has been included in this
document as a reference to users who may be interested in using this popular application.
More information about Nikto can be found at the following URL:
http://www.cirt.net/code/nikto.shtml
8.3.4. VLAD the Scanner
VLAD is a scanner developed by the RAZOR team at Bindview, Inc. which may be used to check
for vulnerabilities. It checks for the SANS Top Ten list of common security issues (SNMP issues, file
sharing issues, etc.). While not as full-featured as Nessus, VLAD is worth investigating.
Note
VLAD is not included with Red Hat Enterprise Linux and is not supported. It has been included in this
document as a reference to users who may be interested in using this popular application.
More information about VLAD can be found on the RAZOR team website at the following URL:
http://razor.bindview.com/tools/vlad/index.shtml
8.3.5. Anticipating Your Future Needs
Depending upon your target and resources, there are many tools available. There are tools for wireless
networks, Novell networks, Windows systems, Linux systems, and more. Another essential part of
performing assessments may include reviewing physical security, personnel screening, or voice/PBX
network assessment. New concepts, such as war walking — scanning the perimeter of your enter-
prise's physical structures for wireless network vulnerabilities — are some emerging concepts that
you can investigate and, if needed, incorporate in your assessments. Imagination and exposure are the
only limits of planning and conducting vulnerability assessments.
79