Penetration Testing mailing list archives
RE: QualysGuard
From: "DeGennaro, Gregory" <Gregory_DeGennaro () csaa com>
Date: Wed, 25 Aug 2004 07:36:53 -0700
It is a good product, except all your data is kept in a "secure" repository back at their HQ. The good thing about this is you can access your box indirectly from anywhere and view the results. The draw back, is that Qualys could gain access to your data as well as a hacker (cracker) who had gained access into the Qualys network. The Qualys appliance appears to be fairly secure running GENTOO Linux as its OS. The appliance's HDD is encrypted and the there is no direct access into the appliance. All of the commands that the appliance receives is from a pull to the web portal from Qualys that you access from anywhere. The appliance will push data to the web portal after each scan. It is a really good appliance\service. The draw backs are cost and the storage of company information at an external repository which will need a risk acceptance from management. Regards, Greg DeGennaro Jr., CISSP, CCNP Systems Engineer -----Original Message----- From: Eric Danso [mailto:edanso () myblackberry com] Sent: Tuesday, August 24, 2004 8:50 AM To: pen-test () securityfocus com Subject: QualysGuard Has anyone on this list had a chance to use this product. I'm interested in getting a Vulnerability scanner that is the defacto of the Industry. Any info would be great. Regards, Eric Danso --- Sent via BlackBerry. ------------------------------------------------------------------------ ------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- QualysGuard Eric Danso (Aug 24)
- RE: QualysGuard wnorth (Aug 26)
- RE: QualysGuard Martin (Aug 26)
- Re: QualysGuard Anthony Paimany (Aug 27)
- RE: QualysGuard dagney (Aug 27)
- RE: QualysGuard Martin (Aug 26)
- Re: QualysGuard Bobby . Clarke (Aug 28)
- <Possible follow-ups>
- RE: QualysGuard Don Parker (Aug 25)
- RE: QualysGuard Paula Deal (Aug 25)
- RE: QualysGuard Haseeb Chaudhary (Aug 26)
- RE: QualysGuard DeGennaro, Gregory (Aug 26)
- RE: QualysGuard Aurélien Cabezon (Aug 27)
- Re: QualysGuard Richard Nootebos (Aug 26)
- RE: QualysGuard Eric Danso (Aug 27)
- RE: QualysGuard DeGennaro, Gregory (Aug 30)
- RE: QualysGuard wnorth (Aug 26)