Educause Security Discussion mailing list archives
Re: Vulnerability Scanning Problem
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Wed, 13 Dec 2006 16:20:46 +1300
Curt Wilson wrote:
> Without some type of agent on the client I don't see how you can get a good picture of client-side hosts with network-only assessment.
You can't, but in some senses it does not matter. What the vulnerability scanner sees is what your naive attacker will also see. As in all security stuff, you need to be clear about exactly what risks you are trying to mitigate.

I would argue that nmap combined with arp table mining is an effective means of determining your exposure to most attackers you are likely to have against general machines on the network. This may well not be adequate for machines holding sensitive data, where you really do need privileged access to the box to get an adequate picture of what is going on, but that should not stop you from using it on the 90% of the addresses that are unlikely to come under targeted attack.

We are looking toward a two-tiered approach to vulnerability assessment: simple-minded stuff mostly based on nmap for the bulk of the network, and much more rigorous nessus scans (including root/admin access) for stuff in the data centre. This way we get the most value for our effort.

Russell
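An added example, not part of the original post: one way to correlate an ARP table with nmap results into a per-host inventory that also assigns each address to one of the two assessment tiers described above. The input formats (`arp -an` and `nmap -oG`), the sample data, the data-centre range and the tier names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample inputs; addresses, MACs and the range are hypothetical.
ARP_TABLE = """\
? (10.1.2.15) at 02:00:00:aa:00:01 [ether] on eth0
? (10.1.2.16) at 02:00:00:aa:00:02 [ether] on eth0
? (10.1.2.17) at <incomplete> on eth0
? (10.9.0.5) at 02:00:00:bb:00:01 [ether] on eth1
"""
NMAP_GREPABLE = """\
Host: 10.1.2.15 ()\tStatus: Up
Host: 10.1.2.15 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///
Host: 10.9.0.5 ()\tPorts: 1433/open/tcp//ms-sql-s///, 3389/filtered/tcp//ms-wbt-server///
"""
DATA_CENTRE = [ipaddress.ip_network("10.9.0.0/24")]  # assumed second-tier range

ARP_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-f:]{17})\b", re.I)
PORTS_RE = re.compile(r"^Host: (\S+) .*?Ports: ([^\t]*)")

def parse_arp(text):
    """IP -> MAC from `arp -an` output; <incomplete> entries are skipped."""
    return {m.group(1): m.group(2).lower() for m in ARP_RE.finditer(text)}

def parse_nmap(text):
    """IP -> sorted open (port, proto, service) tuples from `nmap -oG` output."""
    hosts = {}
    for line in text.splitlines():
        m = PORTS_RE.match(line)
        if not m:
            continue
        ports = hosts.setdefault(m.group(1), [])
        for entry in m.group(2).split(","):
            f = entry.strip().split("/")
            if len(f) >= 5 and f[1] == "open":
                ports.append((int(f[0]), f[2], f[4]))
    return {ip: sorted(p) for ip, p in hosts.items()}

def inventory(arp_text, nmap_text):
    """Merge both views; flag hosts alive in ARP that the scan saw nothing on."""
    arp, scan = parse_arp(arp_text), parse_nmap(nmap_text)
    rows = {}
    for ip in sorted(set(arp) | set(scan), key=ipaddress.ip_address):
        in_dc = any(ipaddress.ip_address(ip) in net for net in DATA_CENTRE)
        rows[ip] = {"mac": arp.get(ip), "open": scan.get(ip, []),
                    "arp_only": ip in arp and ip not in scan,
                    "tier": "rigorous" if in_dc else "basic"}
    return rows
```

Hosts marked `arp_only` answer on the local segment but show no open ports to the scanner, so they are the ones a network-only view says least about.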