Penetration Testing mailing list archives
Re: Online Scanning Services Vrs. Stand Alone Applications
From: Gene Yoo <gyoo () attbi com>
Date: Thu, 27 Feb 2003 18:16:37 -0800
IMHOi have not heard about any comparison except bunch of sales pitch. i do agree with danny that depending on the size of your pipe, it's not only cost prohibitive but also resource hog.
it's nice that someone outside could do that for you and for you to open up ports for them to scan the internal networks via vpn tunnel, and of course you're getting an outside opinion, but tools like nessus, you could setup a nessus client at various parts of your network subnet or your vlans and have those remote agents send back the findings to the nessus server (perhaps with mysql backend for later correlation analysis).
i say there is too many to choose from the menu, but choosing the resturant would depend on your budget and taste (or what you're used to, etc...).
just my .02 gene Danny wrote:
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1I've not seen a comparison, but in my opinion remote scanning is a waste of time and money for large networks such as anything over a class C. Having someone do a full vulnerability scan remotely over your entire IP space takes a lot of time and a lot of bandwidth, if a company is on a T1 it could take several hours and may impact the performance of their corporate link. Having said that, if someone was to come up with a semi remote scanning option for a managed service it may be a little more feasible. By semi remote I mean the scanning company has an agent on the local LAN which handles the actual scanning and simply reports back to an offsite database for analysis.Currently we are using SecureScanNX from vigilante.com. This tool allow us to do full vuln scans of our entire network, we have agents placed at various points of the network which handle the scanning for their network segments and report back to a controlling terminal, doing this stops us from flooding our WAN/MAN links and keeps the scans times down relatively low. Cheers Danny Network Security Engineer Drexel University PGP Print: C6AD B205 E3C6 38AB 0164 6604 66F5 CCFC F4ED F1E0 PGP Key: http://akasha.irt.drexel.edu/danny.asc- -----Original Message-----From: Alfred Huger [mailto:ah () securityfocus com] Sent: Wednesday, February 26, 2003 4:06 PMTo: pen-test () securityfocus com Subject: Online Scanning Services Vrs. Stand Alone Applications Hey all, I have a question, which is two fold. First can anyone point me to comparison articles of online scanners (such as Foundstone) vrs. standalone applications such as ISS? I am looking for technical comparisons not a treatise on the benefits of someone managing your scanning for you or not. The second part of the question is, are their any technical advantages between the two setups? I understand this overlaps with the first question but I ask this after having searched for good writeups and came out with very little. - -al Alfred Huger Symantec Corp. - ---------------------------------------------------------------------------- <Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does.</Pre> <A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core</A> -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPl0+/Gb1zPz07fHgEQKNMgCZAWiZsphU4AWefT4ZVXUl9oABhw0AnjPA 8yiC4zH8B+tKwm6COkxg34Ed =Z1G+ -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- <Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does.</Pre> <A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core</A>
-- <<gyoo [at] attbi [dot] com>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iQCUAwUBPhxERRxoVYCzmrKXAQJK5gP3Y7CTsFyKpEz2p5W4GWI9+qSm+kWfdJ0R xNlma0Ma9rAL/OBJcZMo5IXyXas+3Edogbv4Al6dIf8lot1WS0Iaxxl/cg2f7gf+ otf7LfNpZDE/6OzR7A1qN6baPMLSjGzywwQWMfSVuWWb6kGQxMsA13Kn68G7Ozxs 5CODZqUPyg== =AolA -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- <Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does.</Pre> <A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core</A>
Current thread:
- Online Scanning Services Vrs. Stand Alone Applications Alfred Huger (Feb 26)
- RE: Online Scanning Services Vrs. Stand Alone Applications Filipe Custodio (Feb 27)
- Re: Online Scanning Services Vrs. Stand Alone Applications Fernando Martins (Feb 28)
- <Possible follow-ups>
- RE: Online Scanning Services Vrs. Stand Alone Applications Danny (Feb 27)
- Re: Online Scanning Services Vrs. Stand Alone Applications Gene Yoo (Feb 28)
- Re: Online Scanning Services Vrs. Stand Alone Applications oherrera (Feb 27)
- RE: Online Scanning Services Vrs. Stand Alone Applications Davi Ottenheimer (Feb 28)