Security Basics mailing list archives
Re: Nessus Reporting frontend options - scan management
From: Mike Acker <macker () internap com>
Date: Thu, 7 May 2009 06:38:08 -0700
I have experience with it. We used to run the Lightning app, and most recently (about 9 months ago) tested the Nessus Security Center. Granted, this was before they started charging corporate customers to use Nessus, which we no longer use.

I was fairly disappointed with it. It will provide you with pretty graphs, more information than you need, etc. It was fairly expensive at the time, in the price range of over 15k. If you have a lot of Nessus scanners, say in an ISP environment where you want to run one for each data center that's more local, I can see how it's a nice way to consolidate, assuming you pay for Tenable's new *pricing model/feed model*.

What was a deal killer for me and the reason for not moving forward is, when you buy it, it comes with support. That support only includes running it on Red Hat Linux. If you're a Debian/Ubuntu shop, now you need to manage a solo RPM management box. They won't even talk to you if you run it on anything non-Red Hat, so you're paying for support if you need it, but you won't get it.

Also I noticed some funky issues. At the time, it would work only with OpenSSL 0.97 when I was testing it. After doing a normal update to OpenSSL 0.98, it broke the app. It ended up being a lot of work just to perform testing, and using rpm2tgz and trying to build it on Debian didn't work out well. They will give you a trial if you want to test, just be aware unless they have changed over the past 9 months, you will be stuck running a Red Hat box, and any normal upgrades might potentially break the app, but I guess their support could work through issues. Seemed a bit odd to us for a security app to not support the newest OpenSSL.

To be honest, I don't even bother with Nessus anymore, as it produces too many results. Scheduling scans can be done via nmap. Use the -oM option and pipe the output through amap to recognize what's actually running on a port. Newer nmaps have ndiff so you can do delta reports... it's fast, simple, easy, and free. Keep up with infosec vulns using standard means, i.e. vendor mailing lists, bugtraq/FD/whatever, rather than waiting for an app to tell you. Use Google APIs to just generate reports based off nmap/amap output. You can do charts, graphics, you name it. We do it for weekly phishing reports pulled from phishtank.com, then use the Google API to automatically mail out pretty PDF reports. It's fairly simple and the cost/time is much less than a 20k app that is debatable at best. The Tenable trial goes for 30 days, just be aware they will call you weekly for years to come to see if 'you're ready to move forward'...

Daniel I. Didier <ddidier () netsecureia com> wrote [05.05.09]:
Jeff,

Do you have experience with Tenable Security Center? If so, what is your impression?

Thanks,
Dan

-----Original Message-----
From: Jeff Stebelton [mailto:jeff.stebelton () gmail com]
Sent: Tuesday, May 05, 2009 7:01 PM
To: Daniel I. Didier; security-basics () securityfocus com
Subject: Re: Nessus Reporting frontend options - scan management

Tenable Security Center does all that...

On 5/5/09, Daniel I. Didier <ddidier () netsecureia com> wrote:

Hello,

I am looking for input on available Nessus scan management solutions. I have used inprotect in the past and have been generally pleased with its capabilities but it seems to lack development. I am also aware of autonessus which has similar functions. I am curious what other options exist. The primary requirements are the ability to schedule scans and compare results (new, mitigated, and existing vulnerabilities) and produce useful reports. Also, the ability to mark a finding as a false positive or acceptable risk is needed.

Any input and experience is appreciated

Dan

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------

Sent from my mobile device

Jeff Stebelton, GCFW GCIA GCIH CEH ESSE
--
Mike Acker, GIAC Information Security Analysis
Internap Network Services, Inc.
(c) 206.226.9727

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!
http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
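Mike's nmap-based alternative (scheduled grepable runs, deltas via ndiff) and Daniel's requirements (compare results into new, mitigated and existing findings, and mark a finding as acceptable risk) fit together in a short script. This is an added example, not code from any poster or from the nmap project: it diffs two constructed `-oG` (the grepable format the older `-oM` switch named) runs in Python; the sample hosts, ports and the (ip, port, proto) accepted-risk key are assumptions.

```python
from typing import Dict, Set, Tuple

# Constructed sample output of two weekly `nmap -oG` runs (the grepable format
# the older -oM switch named) over the same range. Not real scan data.
RUN_WEEK1 = """\
# Nmap 4.76 scan initiated Fri May  1 02:00:00 2009 as: nmap -oG week1.gnmap 10.0.0.0/29
Host: 10.0.0.5 (web1)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)
Host: 10.0.0.6 (db1)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///\tIgnored State: closed (998)
"""
RUN_WEEK2 = """\
Host: 10.0.0.5 (web1)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 8080/open/tcp//http-proxy///\tIgnored State: closed (997)
Host: 10.0.0.6 (db1)\tPorts: 22/open/tcp//ssh///, 3306/filtered/tcp//mysql///\tIgnored State: closed (998)
Host: 10.0.0.7 ()\tPorts: 23/open/tcp//telnet///\tIgnored State: closed (999)
"""

Service = Tuple[int, str, str]   # (port, protocol, service name)

def parse_grepable(text: str) -> Dict[str, Set[Service]]:
    """Map each host IP to the set of services nmap reported as open."""
    hosts: Dict[str, Set[Service]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # comment/summary lines
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split()[0]    # drop the "(hostname)" part
        services = hosts.setdefault(ip, set())   # -oG may emit several lines per host
        for entry in fields.get("Ports", "").split(","):
            parts = entry.strip().split("/")      # port/state/proto/owner/service/...
            if len(parts) >= 5 and parts[1] == "open":
                services.add((int(parts[0]), parts[2], parts[4]))
    return hosts

def delta(before: Dict[str, Set[Service]], after: Dict[str, Set[Service]],
          accepted: Set[Tuple[str, int, str]] = frozenset()) -> Dict[str, Set[Tuple[str, Service]]]:
    """Bucket findings as new / mitigated / existing / accepted (known, risk-accepted)."""
    # Accepted risks key on (ip, port, proto): fingerprinted service names can drift between runs.
    report: Dict[str, Set[Tuple[str, Service]]] = {k: set() for k in ("new", "mitigated", "existing", "accepted")}
    for ip in before.keys() | after.keys():
        old, new = before.get(ip, set()), after.get(ip, set())
        for svc in new - old:
            report["accepted" if (ip, svc[0], svc[1]) in accepted else "new"].add((ip, svc))
        report["mitigated"] |= {(ip, s) for s in old - new}
        report["existing"] |= {(ip, s) for s in old & new}
    return report

def format_report(report: Dict[str, Set[Tuple[str, Service]]]) -> str:
    """One finding per line, grouped by bucket, ready to mail out weekly."""
    return "\n".join(f"{kind:9} {ip:15} {port}/{proto} {name}"
                     for kind in ("new", "mitigated", "existing", "accepted")
                     for ip, (port, proto, name) in sorted(report[kind]))
```

Running `format_report(delta(parse_grepable(RUN_WEEK1), parse_grepable(RUN_WEEK2), accepted={("10.0.0.5", 8080, "tcp")}))` lists the telnet host as new, the mysql port as mitigated (it is now filtered), and the proxy port under accepted.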