Penetration Testing mailing list archives
RE: Qualys performance nonsense
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Mon, 13 Feb 2006 13:30:31 -0600
Amit, good points. This discussion has gotten pretty uninformed.

1. It seems highly unlikely, from external audits to the nature of interaction we've had with Qualys, that they have access to private data. I doubt they play games with this as one publicly disclosed violation might sink their business model.

2. This performance talk is nonsense. Unless Qualys has un-improved in the last year, they provide a number of options for scan performance--both Internet and internal appliances, including throttling bandwidth, increasing/decreasing threading, even beyond what their GUI interface allows. I have called Qualys and had them increase both the number of distributed hosts (on their end) and the number of available threads when we've had high numbers of firewalled hosts on low bandwidth links across disparate network blocks to test in a very short time-window. And they've done it.

Identifying that you can crank up the gain/speed on a scanner as "better" is like saying that listening to a grenade go off is preferable to the radio because it is "louder". While both may be enjoyable in the right circumstances, it is all about context now isn't it?

thread_dead

-ae
-----Original Message-----
From: Amit [mailto:amit.deshmukh () security-assessment com]
Sent: Sunday, February 12, 2006 10:10 PM
To: pen-test () securityfocus com
Subject: Re: Qualys

My comments below guys.

> There was a query I had initiated on qualysguard sometime back (late last year) on the list, and quite frankly, the replies generated showed qualysguard in a poor light. As did our own assessment of it. One big problem we saw (and someone else on the list confirmed) was that qualys does have access to your vulnerability data - as in read/view capability - one of the mails that came back to us (from qualys personnel) asked if we wanted help on an aborted scan.

I have worked quite closely with Qualys support and can confirm they do not have access to your scan/vuln data. They however get notified of failed scans via the platform and hence the support email to you Prasanna. All scan results are stored in encrypted format within the database and are only accessible via your credentials and support has no knowledge of these.

> There were a host of other problems with its performance - the scanning being very very slow, b'cos of it happening via the internet. So, if you're looking at a huge network, it's going to be slow. We benchmarked it against Nmap, and frankly it was a no-contest.
>
> regards,
> Prasanna

There are options that will let you throttle scan speeds. So you really need to look at what options you choose while doing scans. Internet based scanning only occurs for Internet facing hosts. For internal hosts you need to purchase an appliance that would be located on your internal network. The appliance performance parameters can also be configured. In my experience I have always had to slow down the scan in order to ensure no network devices get bumped off due to scan packets.
David, to answer your question, one of our clients who was trialling qualysguard accidentally set off a scan of a class A network and went home and returned the next morning to find about 80,000 hosts scanned :)

Amit.

________________________________________
From: David M. Zendzian [mailto:dmz () dmzs com]
Sent: Wed 2/8/2006 11:35 AM
To: US Infosec
Cc: pen-test () securityfocus com
Subject: Re: Qualys

And just for the list's knowledge, what products did you find that could deliver on a class A assessment?

BTW, I know of several national and multi-national financial institutions that depend on n-circle, doing both regular sweeps around their network as well as tying into their dhcp servers to scan hosts as they "go-live".

dmz
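Amit's class A story and Arian's point about throttle and thread settings together show that scan scope and scanner tuning decide how long a job runs. The following is an added example, not code from this thread or from Qualys: a pre-flight check a tester could run before submitting a target list, counting the addresses in a CIDR scope and estimating wall-clock time from an assumed per-host probe time, thread count and bandwidth cap (all constructed values, not vendor parameters), so that a mistyped mask is refused before the job launches.

```python
import ipaddress

# Constructed sample scopes: a small lab range and a whole class A (/8),
# the kind of target the thread's accidental overnight scan hit.
LAB_SCOPE = ["192.0.2.0/24", "198.51.100.7"]
CLASS_A_SCOPE = ["10.0.0.0/8"]


def count_addresses(targets):
    """Total number of addresses across CIDR blocks and single hosts."""
    return sum(ipaddress.ip_network(t, strict=False).num_addresses
               for t in targets)


def effective_concurrency(threads, bandwidth_kbps, kbps_per_thread):
    """Threads the scanner can really keep busy once a bandwidth cap applies.
    Assumed model: each active thread consumes roughly kbps_per_thread."""
    if threads < 1 or kbps_per_thread <= 0:
        raise ValueError("threads must be >= 1 and kbps_per_thread > 0")
    return max(1, min(threads, bandwidth_kbps // kbps_per_thread))


def estimate_hours(targets, seconds_per_host, threads,
                   bandwidth_kbps, kbps_per_thread):
    """Wall-clock estimate: addresses * per-host time / usable concurrency."""
    conc = effective_concurrency(threads, bandwidth_kbps, kbps_per_thread)
    return count_addresses(targets) * seconds_per_host / conc / 3600


def check_scope(targets, max_addresses, max_hours, seconds_per_host=30,
                threads=8, bandwidth_kbps=1000, kbps_per_thread=50):
    """Pre-flight guard returning (ok, reason). Refuses jobs that are
    larger than the agreed scope or longer than the agreed window."""
    n = count_addresses(targets)
    if n > max_addresses:
        return False, f"{n} addresses exceeds the limit of {max_addresses}"
    hours = estimate_hours(targets, seconds_per_host, threads,
                           bandwidth_kbps, kbps_per_thread)
    if hours > max_hours:
        return False, f"estimated {hours:.1f} h exceeds {max_hours} h window"
    return True, f"{n} addresses, about {hours:.1f} h"


if __name__ == "__main__":
    for scope in (LAB_SCOPE, CLASS_A_SCOPE):
        print(scope, check_scope(scope, max_addresses=65536, max_hours=12))
```

The defaults are placeholders; calibrate seconds_per_host and kbps_per_thread against a small pilot scan on your own network before trusting the estimate.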