Core Security unwraps security-test tool

Core Security Technologies next week updated Core Impact, its security penetration-test tool for desktops and servers that lets customers run a series of exploits to determine how far into corporate resources a hacker could burrow.

Version 4.0, which runs on Windows 2000, XP, Linux, Solaris and OpenBSD, presents a set of exploits that authorized mangers can run that duplicate hacker capabilities. This version eliminates the need to manually direct each testing step and automates the cleanup procedure of removing files and back doors that get installed as a routine part of changing machine configuration.

The tool can import information about network vulnerabilities that are discovered by commercial tools such as Internet Security Systems Inc.’s Scanner and freeware like Nessus. It competes with freeware such as the Metasploit Project tools for penetration testing and is viewed as complementary to vulnerability assessment tools, which can identify network holes by scanning.

James Cupps, chief information security officer at global paper manufacturer Sappi Ltd., says he has used Core Impact for a number of years to supplement vulnerability-assessment tools, which cover a wide range of possible network and application holes but often generate false positives.

“Core Impact is more accurate if not more comprehensive than vulnerability assessment,” Cupps says. For instance, Nessus might identify a few thousand possible weaknesses, but Core Impact zeros in on the 100 or so most critical exploits.

When vulnerability-assessment tools pick up a weaknesses in any of Sappi’s 2,000 desktops or 600 servers, Cupps checks the results with Core Impact to make sure there are no false positives and to determine how deeply hackers might exploit a problem. “I’ll do this on a quarterly basis, once a week for each subnet, and give the results to a systems administrator,” Cupps says.

Core Impact consolidates reporting on network exploits and presents them on a PC-based management console.

Core Impact 4.0 starts at US$2,500 for an eight-server license.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Stemming the tide of cybercrime

By: Derek Manky Technology continues to play a significant role in accelerating...

Power through a work-from-anywhere lifestyle with the LG gram

“The right tool for the right job” is an old adage...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now