Educause Security Discussion mailing list archives

Re: Vulnerability Scanning Problem


From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Wed, 13 Dec 2006 16:20:46 +1300

Curt Wilson wrote:
> Without some type of agent on the client I don't see how you can get a
> good picture of client-side hosts with network-only assessment.

You can't, but in some senses it does not matter. What the vulnerability
scanner sees is what your naive attacker will also see. As in all
security stuff you need to be clear about exactly what risks you are
trying to mitigate. I would argue that nmap combined with arp table
mining is an effective means of determining your exposure to most
attackers you are likely to have against general machines on the network.

This may well not be adequate for machines holding sensitive data where
you really do need privileged access to the box to get an adequate
picture of what is going on, but that should not stop you from using it
on the 90% of the addresses that are unlikely to come under targeted attack.

We are looking toward a two-tiered approach to vulnerability
assessment. Simple-minded stuff mostly based on nmap for the bulk of
the network and much more rigorous nessus scans (including root/admin
access) for stuff in the data centre. This way we get the most value
for our effort.

Russell
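
Added example (not part of the message above or of the list archive): one way to combine the two data sources the message mentions, correlating `nmap -oG` output with an `arp -an` table and assigning each address to a scan tier. The sample data, the `DATA_CENTRE` range, the "silent host" category and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample inputs (not from the original post).
NMAP_GREPABLE = """\
Host: 10.1.2.10 ()\tStatus: Up
Host: 10.1.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///
Host: 10.1.2.11 ()\tPorts: 135/filtered/tcp//msrpc///
Host: 10.9.0.5 ()\tPorts: 1433/open/tcp//ms-sql-s///
"""
ARP_TABLE = """\
? (10.1.2.10) at 00:16:3e:00:00:0a [ether] on eth0
? (10.1.2.11) at 00:16:3e:00:00:0b [ether] on eth0
? (10.1.2.12) at 00:16:3e:00:00:0c [ether] on eth0
? (10.1.2.13) at <incomplete> on eth0
? (10.9.0.5) at 00:16:3e:00:00:05 [ether] on eth1
"""
DATA_CENTRE = [ipaddress.ip_network("10.9.0.0/24")]  # hypothetical tier-2 range
PORTS_RE = re.compile(r"^Host: (\S+) .*?Ports: (.*?)(?:\t|$)")
ARP_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17})")

def open_ports(grepable):
    """Map IP -> sorted open ports from `nmap -oG` output."""
    result = {}
    for line in grepable.splitlines():
        m = PORTS_RE.match(line)
        if not m:
            continue  # "Status:" lines and comments carry no port list
        fields = (p.strip().split("/") for p in m.group(2).split(","))
        result[m.group(1)] = sorted(int(f[0]) for f in fields if f[1] == "open")
    return result

def arp_hosts(table):
    """Map IP -> MAC for resolved entries; <incomplete> entries are skipped."""
    return {m.group(1): m.group(2).lower() for m in ARP_RE.finditer(table)}

def inventory(grepable, table, sensitive=DATA_CENTRE):
    """Merge both views: exposure as seen from the network, plus next action."""
    ports, macs = open_ports(grepable), arp_hosts(table)
    rows = {}
    for ip in sorted(set(ports) | set(macs), key=ipaddress.ip_address):
        if any(ipaddress.ip_address(ip) in net for net in sensitive):
            action = "authenticated scan"        # data centre tier
        elif ip not in ports:
            action = "silent host: investigate"  # in ARP, unseen by nmap
        else:
            action = "network scan only"
        rows[ip] = {"mac": macs.get(ip), "open": ports.get(ip, []), "action": action}
    return rows
```

Addresses that appear in the ARP table but return no port list to nmap are on the wire yet invisible to the scan, which is the gap the ARP data closes.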
