Penetration Testing mailing list archives
RE: Distributed Vulnerability Scanners
From: "charl van der walt" <charl () sensepost com>
Date: Fri, 7 Mar 2003 22:17:32 +0200
hey,
> I think that using automated and "coin operated" scanners is fine so long as they are well understood, don't have the whole of security placed on them and are used only to confirm security levels, not as the only security.
I agree fully. The technology is often useless and may be downright dangerous if not fully understood and carefully used. In our case, that's a large part of the thinking behind the support that we offer, which is completely integrated into the reports. We have very few clients who would derive any real benefit from the service if it was not backed by skilled and experienced support personnel. Having said that, the combination of automated scanning and real-life support does allow for a high-value, low-cost solution.

In our model we believe that the customers who benefit the most from the service are those that have a large Internet infrastructure but have already achieved a sufficient 'baseline' level of security. With those customers we are often able to detect changes (new hosts, open ports, changed configurations, DNS and the like) that could impact security. This is the one scenario where "coin operated" scanners can work well.

We have some thoughts on "Intranet" scanning also. Our thinking there is not to run full vulnerability scans at all. Instead, we use Nessus to continuously run scans for only a handful of vulnerabilities that we decided on previously together with the client. Via a web interface we identify the machines that are vulnerable to each of the problems we selected and graph the network's 'progress', i.e. whether the number of vulnerable machines is actually getting less or not. If the number does descend below an acceptable threshold we repeat the process with a new set of vulnerabilities. In this way we're tackling a big problem in small steps. The configuration interface also allows us to run scans per subnet and deliver the reports to the person responsible for that space.

my 2c
charl
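The "Intranet" approach in the message above (scan repeatedly for a small agreed set of issues, count vulnerable hosts per issue over time, swap in new issues once a count falls to an acceptable threshold, and split reports per subnet) is the kind of bookkeeping that is easy to get wrong by hand. The following is an added example, not code from the original post or from SensePost's service. It assumes a constructed, simplified export of one record per line (`scan_date|host|plugin_id`) rather than a real Nessus NBE or XML report, and the plugin IDs, hosts and dates are placeholders; the parser would need to be swapped for a real export format before use.

```python
"""Track remediation progress for a fixed set of Nessus plugin IDs across repeated scans.

Added example; constructed input format (scan_date|host|plugin_id), not a real Nessus export.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: three weekly scans of two /24s. Plugin IDs 9000x are placeholders,
# not real Nessus plugin IDs; 55555 is an unwatched finding that must be ignored.
SAMPLE_RESULTS = """\
2003-03-01|10.1.1.5|90001
2003-03-01|10.1.1.9|90001
2003-03-01|10.1.2.7|90001
2003-03-01|10.1.1.5|90002
2003-03-01|10.1.2.3|90002
2003-03-01|10.1.2.7|90003
2003-03-01|10.1.1.5|55555
2003-03-08|10.1.1.9|90001
2003-03-08|10.1.2.7|90001
2003-03-08|10.1.1.5|90002
2003-03-08|10.1.2.7|90003
2003-03-08|10.1.2.9|90003
2003-03-15|10.1.1.5|90002
2003-03-15|10.1.2.9|90003
2003-03-15|10.1.2.3|55555
"""

# The handful of issues agreed with the client for this round (placeholder IDs and labels).
WATCHED = {"90001": "issue A", "90002": "issue B", "90003": "issue C"}
THRESHOLD = 0  # an issue is 'done' when this many or fewer hosts are still affected


def parse_results(text):
    """Parse the constructed export into (date, host, plugin) tuples, skipping blanks/comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        date, host, plugin = line.split("|")
        records.append((date, host, plugin))
    return records


def vulnerable_hosts(records, watched=WATCHED):
    """-> {plugin: {date: set(hosts)}} restricted to the watched plugins."""
    out = {p: defaultdict(set) for p in watched}
    for date, host, plugin in records:
        if plugin in watched:
            out[plugin][date].add(host)
    return out


def progress(records, watched=WATCHED):
    """-> {plugin: [(date, vulnerable_host_count), ...]} in date order.

    A scan date where the plugin produced no hits counts as 0, so a fixed issue shows up
    as a count that reaches zero rather than silently disappearing from the series.
    """
    by_plugin = vulnerable_hosts(records, watched)
    dates = sorted({d for d, _, _ in records})  # ISO dates sort correctly as strings
    return {p: [(d, len(by_plugin[p].get(d, ()))) for d in dates] for p in watched}


def is_improving(series):
    """True when the latest count is below the first one (the graph's 'is it getting less?')."""
    counts = [c for _, c in series]
    return len(counts) >= 2 and counts[-1] < counts[0]


def done(series, threshold=THRESHOLD):
    """True when the latest scan left at most `threshold` hosts affected."""
    return series[-1][1] <= threshold


def next_round(records, watched=WATCHED, threshold=THRESHOLD):
    """Plugins that have reached the threshold and can be swapped for a new set of issues."""
    return sorted(p for p, s in progress(records, watched).items() if done(s, threshold))


def subnet_report(records, date, subnets, watched=WATCHED):
    """-> {subnet: {plugin: sorted hosts}} for one scan date, for delivery per subnet owner."""
    nets = [ip_network(s) for s in subnets]
    report = {str(n): defaultdict(list) for n in nets}
    for d, host, plugin in records:
        if d != date or plugin not in watched:
            continue
        addr = ip_address(host)
        for n in nets:
            if addr in n:
                report[str(n)][plugin].append(host)
    return {s: {p: sorted(h) for p, h in items.items()} for s, items in report.items()}


if __name__ == "__main__":
    recs = parse_results(SAMPLE_RESULTS)
    for plugin, series in progress(recs).items():
        trend = "improving" if is_improving(series) else "NOT improving"
        print(f"{plugin} ({WATCHED[plugin]}): {[c for _, c in series]} {trend}")
    print("ready to rotate out:", next_round(recs))
    print(subnet_report(recs, "2003-03-08", ["10.1.1.0/24", "10.1.2.0/24"]))
```

In the sample, issue A goes 3, 2, 0 and is ready to be replaced; issue B stalls at one host, which is exactly the machine the subnet report points the owner of 10.1.1.0/24 at; issue C gains a newly affected host between the first two scans, so its series is not improving even though the final count equals the initial one. Counting absent plugins as zero matters: if a scan produced no hits for a watched plugin, dropping that date would make the graph look like the issue was never tracked rather than fixed.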
Current thread:
- Distributed Vulnerability Scanners Talisker (Mar 06)
- RE: Distributed Vulnerability Scanners Greg Reber (Mar 06)
- Re: Distributed Vulnerability Scanners Gideon Rasmussen, CISSP (Mar 06)
- Re: Distributed Vulnerability Scanners Talisker (Mar 09)
- Re: Distributed Vulnerability Scanners Alex Zimin (Mar 06)
- Re: Distributed Vulnerability Scanners cdowns (Mar 07)
- Re: Distributed Vulnerability Scanners Michael Murray (Mar 09)
- <Possible follow-ups>
- RE: Distributed Vulnerability Scanners Erik Birkholz (Mar 06)
- RE: Distributed Vulnerability Scanners charl van der walt (Mar 06)
- Re: Distributed Vulnerability Scanners Peter Mercer (Mar 07)
- RE: Distributed Vulnerability Scanners charl van der walt (Mar 09)
- Re: Distributed Vulnerability Scanners Peter Mercer (Mar 07)
- RE: Distributed Vulnerability Scanners Kohlenberg, Toby (Mar 06)
- Re: Distributed Vulnerability Scanners Renaud Deraison (Mar 07)
- RE: Distributed Vulnerability Scanners Rapaille Max (Mar 07)
- Re: Distributed Vulnerability Scanners sacha . faust . bourque (Mar 07)
- Re: Distributed Vulnerability Scanners spectom (Mar 11)
- RE: Distributed Vulnerability Scanners Sunny Chowdhury (Mar 09)
- RE: Distributed Vulnerability Scanners Ken Smith (Mar 11)
- Re: Distributed Vulnerability Scanners Preston (Mar 11)
- RE: Distributed Vulnerability Scanners Greg Reber (Mar 06)