Startup Unveils Web Server Assessment, Defense Toolkit

December 19, 2002

NT OBJECTives, Inc. this week announced a Web server security assessment and defense toolkit built out of a collection of freeware tools with added collaboration and reporting functions. True to its freeware roots, the company is offering the toolkit at just $999 per year for unlimited enterprise use.

NT OBJECTives was founded by a group of security experts who helped build the Foundstone vulnerability scanning toolset as well as Tripwire for NT, one of the first security products for Windows NT.

That product was developed by JD Glaser, CEO of NT OBJECTives. He says the idea behind his company is to offer useful security tools at an affordable price.

"People are really tired of paying for incredibly expensive security tools and getting a lot of false positives," Glaser says. "We want to hit that middle point and give people better quality for a lower price."

The company's Fire & Water Toolkit v1.0 is a collection of command-line tools that can share data with one another using XML formats and generate HTML-based reports that enable a company to easily determine its security posture. While companies could perform many of the same functions using a collection of freeware tools, such tools typically offer only text output and can't communicate with each other, Glaser says.

Fire & Water includes:

  • ntoscan -- a port scanner that discovers live hosts and their open ports.
  • ntoweb -- a Web server scanner that looks for high-risk vulnerabilities in Internet Information Server (IIS) and Apache Web servers.
  • ntoroute -- a traceroute tool that collects network information and passes it to a mapping tool.
  • ntomap -- a graphical network mapping tool that shows where vulnerabilities exist and allows drill-down capabilities.
  • ntotrend -- an analysis tool, to track network changes over time, using data gleaned from multiple scans.
  • ntowire -- an Internet Server API (ISAPI) filter that enforces security policies on IIS servers and supports Snort intrusion detection signatures, to detect signature-based attacks.

The toolkit includes a Web Server Fingerprinting function that uses a series of queries and responses to accurately determine what types of Web servers are deployed and what services each is running. The technique is meant to get around methods that Web administrators use to disguise server identities in hopes of thwarting attacks targeted at specific types of servers.

Such techniques, while they can be effective in thwarting hackers, can also prevent proper management, for example when a vulnerability scanning tool can't properly identify the server.

"You can't defend what you don't know about," Glaser says.

The product is available for download at A yearly subscription costs $199 per user or $999 for an enterprise subscription, which includes email notification and download of updates, fixes and enhancements. The toolkit is available at no cost for personal use.
