Security Basics mailing list archives

Re: Nessus Reporting frontend options - scan management


From: Mike Acker <macker () internap com>
Date: Thu, 7 May 2009 06:38:08 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have experience with it. We used to run the Lightning app, and most recently 
(about 9 months ago) tested the Nessus Security Center. Granted, this was 
before they started charging corporate customers to use Nessus, which we no 
longer use.

I was fairly disappointed with it. It will provide you with pretty graphs, 
more information than you need, etc. It was fairly expensive at the time, in 
the price range of over 15k. If you have a lot of Nessus scanners, say in an 
ISP environment where you want to run one for each data center that's more 
local, I can see how it's a nice way to consolidate, assuming you pay for 
Tenable's new *pricing model/feed model*.

What was a deal killer for me, and the reason for not moving forward, is that when 
you buy it, it comes with support. That support only includes running it on 
Red Hat Linux. If you're a Debian/Ubuntu shop, now you need to manage a solo RPM 
management box. They won't even talk to you if you run it on anything 
non-Red Hat, so you're paying for support if you need it, but you won't get it.
Also I noticed some funky issues. At the time, it would work only with 
OpenSSL 0.9.7 when I was testing it. After doing a normal update to OpenSSL 
0.9.8, it broke the app.

It ended up being a lot of work just to perform testing, and using rpm2tgz 
to try to build it on Debian didn't work out well.

They will give you a trial if you want to test; just be aware that unless they 
have changed over the past 9 months, you will be stuck running a Red Hat box, 
and any normal upgrades might potentially break the app, but I guess their 
support could work through issues. Seemed a bit odd to us for a security app 
to not support the newest OpenSSL.

To be honest, I don't even bother with Nessus anymore, as it produces too 
many results. Scheduling scans can be done via nmap. Use the -oM option and pipe 
the output through amap to recognize what's actually running on a port. Newer 
versions of nmap have ndiff so you can do delta reports... it's fast, simple, 
easy, and free. Keep up with infosec vulns using standard means, i.e. vendor 
mailing lists, Bugtraq/FD/whatever, rather than waiting for an app to tell you. 
Use Google APIs to just generate reports based off nmap/amap output. You can do 
charts, graphics, you name it. We do it for weekly phishing reports pulled 
from phishtank.com, then use the Google API to automatically mail out pretty PDF 
reports. It's fairly simple and the cost/time is much less than a 20k app 
that is debatable at best.

The Tenable trial goes for 30 days; just be aware they will call you weekly 
for years to come to see if 'you're ready to move forward'...


Daniel I. Didier <ddidier () netsecureia com> wrote [05.05.09]:
Jeff,
Do you have experience with Tenable Security Center?  If so, what is
your impression?

Thanks,
Dan

-----Original Message-----
From: Jeff Stebelton [mailto:jeff.stebelton () gmail com]
Sent: Tuesday, May 05, 2009 7:01 PM
To: Daniel I. Didier; security-basics () securityfocus com
Subject: Re: Nessus Reporting frontend options - scan management

Tenable Security Center does all that...

On 5/5/09, Daniel I. Didier <ddidier () netsecureia com> wrote:
Hello,
I am looking for input on available Nessus scan management solutions. I 
have used inprotect in the past and have been generally pleased with its 
capabilities, but it seems to lack development. I am also aware of 
autonessus, which has similar functions. I am curious what other options 
exist.

The primary requirements are the ability to schedule scans and compare 
results (new, mitigated, and existing vulnerabilities) and produce useful 
reports. Also, the ability to mark a finding as a false positive or 
acceptable risk is needed. Any input and experience is appreciated.

Dan


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec 
Institute's Ethical Hacking class. Totally hands-on course with evening 
Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen 
testing experience.


http://www.infosecinstitute.com/courses/ethical_hacking_training.html

------------------------------------------------------------------------



--
Sent from my mobile device

Jeff Stebelton, GCFW GCIA GCIH CEH ESSE



-- 

Mike Acker, GIAC
Information Security Analysis
Internap Network Services, Inc.
(c) 206.226.9727


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iEYEARECAAYFAkoC5D8ACgkQBFfbgm5FXkWi6wCeIecdC/SJHV0jib+7hT3HZT3c
v3MAnjJmG7/vfN4TAEDVV2eCv975AQE3
=DXxH
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
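The schedule-and-diff workflow Mike sketches (run nmap on a schedule, produce delta reports, keep your own exception list instead of paying for a console) is easy to reproduce for the three buckets Dan asked for. The script below is an added example, not code from anyone in the thread or from nmap/Tenable: it parses two nmap XML outputs (assumed to have been saved with -oX by a cron job), classifies each open port as new, mitigated or existing, and suppresses findings that sit on a hand-maintained false-positive / accepted-risk list. Both scan documents, the 10.0.0.x hosts, the ports and the exception entry are constructed for the example.

```python
"""Delta report over two nmap XML (-oX) scans, with an exception list.

Added example, not code from the thread. Both scan documents below are
hand-constructed in the shape of nmap -oX output; hosts, ports and the
exception list are made up.
"""
import xml.etree.ElementTree as ET

# Constructed sample: last week's scan (assumed baseline).
BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX baseline.xml 10.0.0.0/28" start="1241000000">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="10.0.0.9" addrtype="ipv4"/></host>
</nmaprun>
"""

# Constructed sample: this week's scan. telnet on .5 is gone, 8080 appeared,
# and .9 came up with SMB exposed.
CURRENT_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX current.xml 10.0.0.0/28" start="1241600000">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
    </ports>
  </host>
  <host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed exception list: the "mark as false positive / accepted risk"
# step, keyed the same way findings are keyed below.
EXCEPTIONS = {
    ("10.0.0.5", "tcp", 80): "accepted risk: public web server, ticket SEC-123",
}


def open_ports(xml_text):
    """Return {(addr, proto, port): service} for every open port on an up host."""
    found = {}
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts carry no port data worth diffing
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not findings
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            found[(addr, port.get("protocol"), int(port.get("portid")))] = name
    return found


def diff_scans(baseline_xml, current_xml):
    """Classify open ports as new, mitigated (closed since baseline) or existing."""
    before = open_ports(baseline_xml)
    after = open_ports(current_xml)
    return {
        "new": sorted(set(after) - set(before)),
        "mitigated": sorted(set(before) - set(after)),
        "existing": sorted(set(before) & set(after)),
        "services": {**before, **after},  # latest service name wins
    }


def apply_exceptions(delta, exceptions):
    """Drop findings on the exception list; return (filtered_delta, suppressed)."""
    filtered = {k: [f for f in v if f not in exceptions]
                for k, v in delta.items() if k != "services"}
    filtered["services"] = delta["services"]
    suppressed = sorted((f, exceptions[f]) for cat in ("new", "mitigated", "existing")
                        for f in delta[cat] if f in exceptions)
    return filtered, suppressed


def format_report(delta, suppressed):
    """Plain-text report, one line per finding, suitable for mailing out."""
    lines = []
    for cat in ("new", "mitigated", "existing"):
        lines.append(f"== {cat} ({len(delta[cat])}) ==")
        for addr, proto, port in delta[cat]:
            lines.append(f"  {addr:<15} {port}/{proto:<4} {delta['services'][(addr, proto, port)]}")
    lines.append(f"== suppressed ({len(suppressed)}) ==")
    for (addr, proto, port), why in suppressed:
        lines.append(f"  {addr:<15} {port}/{proto:<4} {why}")
    return "\n".join(lines)


if __name__ == "__main__":
    delta = diff_scans(BASELINE_XML, CURRENT_XML)
    kept, dropped = apply_exceptions(delta, EXCEPTIONS)
    print(format_report(kept, dropped))
```

In practice the two XML strings would be read from the files a cron job writes (for example `nmap -oX scan-$(date +%F).xml <targets>` once a week), and the exception list would live in a file under version control so that every accepted risk carries a reason and a date. The script suppresses a finding only when it is on the list, so a previously accepted port that closes still shows up as mitigated only if it has been removed from the list first; keep the list pruned. ndiff, which ships with newer nmap releases, already does the raw port comparison; what it does not give you is the exception handling and the three-bucket summary, which is the part of Dan's requirement a console would otherwise be bought for.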

