Security Basics mailing list archives

RE: Vulnerability Scanning - Prioritising Remediation


From: Dominick Birolin <Dominick.Birolin () naeallc com>
Date: Thu, 22 Sep 2011 11:01:01 -0400

Depending on the IPS setting, the IPS can interpret vulnerability scanning as a malicious traffic attempt and block it.
You have to tune the IPS correctly to avoid this. It takes a little bit of time, but once it is done correctly you will not
have to switch it off every time you want to scan.

Regards,
Dominick J. Birolin
Network Engineer / Cyber Security
Desk    732-623-8896
Mobile 732-429-2961
Fax      732-623-8897
North American Energy Alliance LLC
99 Wood Avenue South Suite 200 
Iselin, NJ 08830
Please consider the environment before printing this email.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of ted fred
Sent: Wednesday, September 21, 2011 12:41 PM
To: John Morrison; J Teddy
Cc: Security Basics Mailing List
Subject: Re: Vulnerability Scanning - Prioritising Remediation

I believe you should do both. With the IPS, it shows whether or not it's effective and working.

Scanning without it reveals the true state without a mitigating control.

-----Original Message-----
From: John Morrison
Sent: Wednesday, September 21, 2011 1:20 AM
To: J Teddy
Cc: Security Basics Mailing List
Subject: Re: Vulnerability Scanning - Prioritising Remediation

If you have an IPS as part of your security system should you not scan with it switched on? It is one of your controls. 
If you run a VA scan without the IPS won't you get incorrect results?

What do other subscribers to this list do?

Regards

John

On 20 September 2011 06:37, J Teddy <jteddylists () gmail com> wrote:
I'm currently documenting how to prioritise remediation efforts from 
my last vulnerability scan.  As my assets have all had information 
risk assessments conducted, I can easily calculate my CVSS score using 
the CVSS2 calculator.

I then started thinking about compensating controls in my network 
where I could possibly lower the priority of the remediation.  For 
example the SSH vulnerability priority may be lowered as there is a 
signature for prevention on my IPS.

The question I cannot answer is if my IPS has prevention for such a 
signature, and I'm running a vulnerability scan through that IPS, will 
my IPS block those packets, with the end result being my VA scan does 
not detect the vulnerability?

Thanks.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
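
Added example, not part of the original thread: one way to act on the "scan both ways" suggestion is to diff a scan taken through the IPS against one taken with the IPS bypassed, so findings the IPS hides from the scanner are still recorded and only their priority changes. The CSV layout, the `EXAMPLE-*` finding names, the addresses and the ranking policy are all assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample exports (host,port,finding,cvss2_base); not real scanner output.
SCAN_IPS_INLINE = """host,port,finding,cvss2_base
10.0.0.5,443,EXAMPLE-TLS-WEAK-CIPHER,4.3
10.0.0.7,80,EXAMPLE-HTTP-DIR-LISTING,5.0
"""
SCAN_IPS_BYPASSED = """host,port,finding,cvss2_base
10.0.0.5,22,EXAMPLE-SSH-FLAW,7.5
10.0.0.5,443,EXAMPLE-TLS-WEAK-CIPHER,4.3
10.0.0.7,80,EXAMPLE-HTTP-DIR-LISTING,5.0
10.0.0.9,445,EXAMPLE-SMB-FLAW,10.0
"""

def load(text):
    """Map (host, port, finding) -> CVSS2 base score."""
    return {(r["host"], int(r["port"]), r["finding"]): float(r["cvss2_base"])
            for r in csv.DictReader(io.StringIO(text))}

def prioritise(inline_csv, bypassed_csv):
    """Return findings ordered for remediation, each tagged with IPS coverage."""
    inline, bypassed = load(inline_csv), load(bypassed_csv)
    rows = []
    for key in inline.keys() | bypassed.keys():
        if key in inline and key in bypassed:
            status = "exposed"        # the IPS did not stop the scanner's probe
        elif key in bypassed:
            status = "masked_by_ips"  # flaw is present, probe was blocked inline
        else:
            status = "inline_only"    # unexpected; re-scan before trusting it
        score = bypassed[key] if key in bypassed else inline[key]
        rows.append({"host": key[0], "port": key[1], "finding": key[2],
                     "cvss2_base": score, "status": status})
    # Assumed policy: exposed findings first, then highest base score first.
    # A blocked probe only shows the IPS stops this scanner's check, so masked
    # findings are deprioritised here, never dropped.
    rank = {"exposed": 0, "inline_only": 1, "masked_by_ips": 2}
    return sorted(rows, key=lambda r: (rank[r["status"]], -r["cvss2_base"],
                                       r["host"], r["port"]))

if __name__ == "__main__":
    for r in prioritise(SCAN_IPS_INLINE, SCAN_IPS_BYPASSED):
        print(f'{r["status"]:14} {r["cvss2_base"]:>4} '
              f'{r["host"]}:{r["port"]} {r["finding"]}')
```
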


