Product Features NeWT is a powerful and comprehensive vulnerability scanner for the Microsoft platform. It performs high-speed checks for more than 4000 of the most commonly updated vulnerabilities and inclues a wide array of scanning options. It has an easy-to-use interface and provides detailed reports in HTML format. NeWT, which is available for free, and NeWT Pro, its more powerful, commercial sibling, perform a variety of vulnerability checks including:. Bmw e36 spoiler install.
Buffer overflow checks in daemons such as and IIS. Default user accounts. Misconfigured email, ftp and web servers. Discovery of open ports and host OS discovery.
Denial of service (DOS) discovery. Backdoors and virus infected host. P2P, chat and suspicious file sharing services With the proper authorization, NeWT can log into Windows or UNIX servers and perform a security audit of missing patches. NeWT and NeWT Pro 'local checks' support the following UNIX and Windows operating systems.
The primary difference between NeWT and NeWT Pro is that NeWT is restricted to scanning only the local subnet of the machine doing the scanning. Tenable also does not provide support for NeWT. But, for home users, small businesses, non-profit organizations and other individuals or small organizations the product will allow them to scan their networks for vulnerabilities free of charge. Corporations who need to be able to scan more than just one local subnet or who wish to receive support from Tenable Network Security can opt to purchase NeWT Pro. NeWT Pro licenses cost $6000.
Support from Tenable, the 'direct' plugin feed and maintenance for one year is an additional $1200. All NeWT Pro purchases must be sold with at least one year of maintenance, effectively making the price tag $7200 for the first year.
Contact Tenable to receive an official quote for NeWT Pro licenses. Tenable can be contacted by emailing them at or speaking with us at 877-448-0489. Tenable can accept credit card transactions. 'Seven Day' NeWT Pro demo keys can be made available to qualified customers. My Review I was thoroughly impressed with NeWT. I have always been a big fan of Nessus, but I work with Windows platforms most often. It is much more convenient to be able to harness the power of Nessus from within the Windows operating system rather than having to also configure a.Nix server to run the back-end scan engine.
Installation was quick and simple. The NeWT console screen provides a handful of options: New Scan Task, View Reports, Configure NeWT, Address Book, Manage Plugins and Update Plugins. I clicked on Update Plugins to download all available plugins and get my copy of NeWT as current as possible.
You can opt to scan using all plugins, or you can create a custom set or use one of many pre-defined sets such as the SANS Top 20 or just the Microsoft vulnerabilities. Scanning my local computer using the complete set of plugins took about 4 minutes. Scanning a remote computer on my network took about 6 minutes. The resulting report provides a good amount of detail describing the issues that were detected, risk factor level, possible solutions, and links to more information. NeWT is an excellent tool that I highly recommend for personal use and I suggest that enterprises investigate using NeWT Pro. (Update: This review is for a legacy product; to see Tenable's current offereings, please visit their.
Contact
. mailing list archives NEWT Scanner stores credentials in plain text From: Kevin Davis続 Date: Sat, 27 Mar 2004 00:05:24 -0500 I have posted this issue to a couple entities like NTbugtraq and CERT with no response. Please read below. Software Vendor: Tenable Security (www.tenablesecurity.com) Software Package: Newt Versions Affected: 1.4 and earlier (and possibly 1.5) Synopsis: Username and password for various accounts stored in unencrypted plain text Issue Date: Feb 22, 2004 Vendor Response: Vendor notified December 4, 2003 Vendor declined to resolve issue 1. Summary NEWT is a commercial Windows port of the open source Nessus Vulnerability scanner by Tenable security. Newt stores the credentials of various types of accounts in unencrypted plain text in a configuration file. Problem Description The config.xml files stores username and password information for various types of accounts in unencrypted plain text.
Those parameters are typically set from the NEWT Scanner interface. When setting these parameters, the user is also not informed of this sensitive information being stored insecurely. This potentially affects the following types of accounts: FTP IMAP POP2 POP3 NNTP SNMP SMB (Windows NT Domain) Typically this config file is stored locally at the following location: Documents and Settings Tenable NeWT config config.xml 3.
Solution None at this time. A lengthy discussion with the vendor resulted in the vendor's decision that this was not a security risk that warrants resolution on. Current thread:. NEWT Scanner stores credentials in plain text Kevin Davis続 (Mar 26).
. mailing list archives NEWT Scanner stores credentials in plain text From: Kevin Davis続 Date: Sat, 27 Mar 2004 00:05:24 -0500 I have posted this issue to a couple entities like NTbugtraq and CERT with no response.
Please read below. Software Vendor: Tenable Security (www.tenablesecurity.com) Software Package: Newt Versions Affected: 1.4 and earlier (and possibly 1.5) Synopsis: Username and password for various accounts stored in unencrypted plain text Issue Date: Feb 22, 2004 Vendor Response: Vendor notified December 4, 2003 Vendor declined to resolve issue 1. Summary NEWT is a commercial Windows port of the open source Nessus Vulnerability scanner by Tenable security. Newt stores the credentials of various types of accounts in unencrypted plain text in a configuration file. Problem Description The config.xml files stores username and password information for various types of accounts in unencrypted plain text.
Those parameters are typically set from the NEWT Scanner interface. When setting these parameters, the user is also not informed of this sensitive information being stored insecurely. This potentially affects the following types of accounts: FTP IMAP POP2 POP3 NNTP SNMP SMB (Windows NT Domain) Typically this config file is stored locally at the following location: Documents and Settings Tenable NeWT config config.xml 3. Solution None at this time.
A lengthy discussion with the vendor resulted in the vendor's decision that this was not a security risk that warrants resolution on. Current thread:. NEWT Scanner stores credentials in plain text Kevin Davis続 (Mar 26).
After watching this on 's new (Nessus Windows Technology) Security Scanner, I the trial version. It expires 31 Jan 04 and will scan the same class C address as the system on which it is run. I tried it on a Windows XP laptop with 384 MB RAM and a 1 GHz Pentium III CPU. It installed easily, accepting that I already had version 3.0 of loaded.
Within minutes I was scanning one of the other systems on the same class C as my laptop. NeWT has a very 'Windows Update' or feel to it. It's easy to configure and navigate, and the report results were clear. NeWT is a Windows port of the engine. Currently the open source version of the Nessus server is UNIX-only, with clients for configuring scans available for Windows or UNIX. NeWT brings the power of Nessus to those preferring to scan from a Windows platform.
Tenable sells two versions of NeWT: one for $500, and one for $3000, with varying IP restrictions. Check out the home page for more information.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |