Attack simulators
Program packages which simulate common forms of attack. Examples: SARA, SAINT, nessus (all three are free software), ISS, CyberCop. These packages check the network from outside by running known attack scenarios. It’s advisable, however, not to rely on tools like this. The reason is simple: the attack simulator can test only what it’s been programmed with. But if there are fundamental weaknesses which are not covered by any of the simulator’s attack scenarios, you won’t find out. So it’s better to check the configurations from within as well as using an attack simulator. Here, too, programs (like COPS) can provide worthwhile support.
