Penetration Testing mailing list archives

RE: Online Scanning Services Vrs. Stand Alone Applications


From: oherrera <oherrera () Prodigy Net mx>
Date: Fri, 28 Feb 2003 18:22:00 -0500

Indeed, online scanning might be seen just as external
vulnerability scanning outsourcing, but there might be some
advantages to the outsourcing process (leaving alone
technical disadvantages).

The outsourcer might (in theory) be able to dedicate a team
of specialists to the follow-up process. After you do the
scan, and identify the vulnerabilities this team should
identify false positives, recommend alternative solutions
and keep track of the patching process.

Of course you could put a team of your own but for some
organizations it might be more cost-effective to outsource
the service rather than maintaining full time specialists.

If I remember correctly, FoundScan offered this
vulnerability management option with FoundScan (both online
and with appliances) or they give you the option to acquire
the tools and do the vulnerability management yourself.
Anyway, this is another story, this is what online scanners
and services are evolving into.

If you ask me if pure online scanning is worth the try I
would think the same as you: "it is just a matter of
deciding if you want to do the scanning yourself or not",
technically I don't see any advantage.

Omar Herrera

All the answers so far seem to fall under the "treatise on
the benefits of someone managing your scanning for you or
not". Surely there's someone out there who's used these
outside services and can provide a more detailed technical
comparison of the scanners.
Or am I missing the point here. So far it seems that there
really is not a lot of technical difference -- it's all
just a matter of who's running the scanners and from
where. Bandwidth consumption is a configuration issue with
all scanners coming from the outside, not an inherent
disadvantage to online scanners. The same for agents.

My only experience with the online scanners is with simple
stuff like ShieldsUp, which, technically speaking, seem
indistinguishable on the network from running the same
attacks with a standalone application on the outside.

Davi Ottenheimer, CISSP
Chief Security Engineer
Synchron Networks, Inc.
www.synchronnetworks.com
email: mailto:davi () synchronnetworks com
emergency: mailto:8315884778 () vtext com
100 Enterprise Way, C230
Scotts Valley, CA 95066

-----Original Message-----
From: Gene Yoo [mailto:gyoo () attbi com]
Sent: Thursday, February 27, 2003 6:17 PM
To: Danny; 'pen-test () securityfocus com'
Cc: 'Alfred Huger'
Subject: Re: Online Scanning Services Vrs. Stand Alone
Applications

IMHO

i have not heard about any comparison except bunch of
sales  pitch.  i do agree with danny that depending on
the size of  your pipe, it's not only cost prohibitive
but also resource hog.
it's nice that someone outside could do that for you and
for  you to open up ports for them to scan the internal
networks  via vpn tunnel, and of course you're getting
an outside  opinion, but tools like nessus, you could
setup a nessus  client at various parts of your network
subnet or your vlans  and have those remote agents send
back the findings to the  nessus server (perhaps with
mysql backend for later  correlation analysis).

i say there are too many to choose from the menu, but
choosing the restaurant would depend on your budget and
taste (or what you're used to, etc...).

just my .02

gene

Danny wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've not seen a comparison, but in my opinion remote
scanning is a waste of time and money for large
networks such as anything over a class C.

Having someone do a full vulnerability scan remotely
over your entire IP space takes a lot of time and a lot
of bandwidth, if a company is on a T1 it could take
several hours and may impact the performance of their
corporate link.

Having said that, if someone was to come up with a
semi remote scanning option for a managed service it
may be a little more feasible. By semi remote I mean
the scanning company has an agent on the local LAN
which handles the actual scanning and simply reports
back to an offsite database for analysis.

Currently we are using SecureScanNX from
vigilante.com. This tool allows us to do full vuln
scans of our entire network, we have agents
placed at various points of the network which handle
the scanning for their network segments and report
back to a controlling terminal, doing this stops us
from flooding our WAN/MAN links and keeps the scan
times down relatively low.

Cheers
Danny
Network Security Engineer
Drexel University
PGP Print: C6AD B205 E3C6 38AB 0164 6604 66F5 CCFC F4ED F1E0
PGP Key: http://akasha.irt.drexel.edu/danny.asc


- -----Original Message-----
From: Alfred Huger [mailto:ah () securityfocus com]
Sent: Wednesday, February 26, 2003 4:06 PM
To: pen-test () securityfocus com
Subject: Online Scanning Services Vrs. Stand Alone
Applications


Hey all,

I have a question, which is two fold. First can anyone
point me to  comparison articles of online scanners
(such as Foundstone) vrs.  standalone applications
such as ISS? I am looking for technical  comparisons
not a treatise on the benefits of someone managing
your  scanning for you or not.

The second part of the question is, are there any
technical advantages between the two setups? I
understand this overlaps with the first question but I
ask this after having searched for good writeups and
came out with very little.

- -al


Alfred Huger
Symantec Corp.


-


----------------------------------------------------------
---- --------------
<Pre>Do you know the base address of the Global Offset
Table (GOT) on a Solaris 8 box?
CORE IMPACT does.</Pre>
<A href="http://www.securityfocus.com/core";>
http://www.securityfocus.com/core</A>

-----BEGIN PGP
SIGNATURE-----
Version: PGP 8.0


iQA/AwUBPl0+/Gb1zPz07fHgEQKNMgCZAWiZsphU4AWefT4ZVXUl9oABhw
0AnjPA 8yiC4zH8B+tKwm6COkxg34Ed
=Z1G+
-----END PGP SIGNATURE-----







--
<<gyoo [at]
attbi [dot] com>>






