Educause Security Discussion mailing list archives
Re: Distributed Vulnerability Scanning
From: Jeff Giacobbe <giacobbej () MAIL MONTCLAIR EDU>
Date: Tue, 23 Aug 2005 14:15:52 -0400
Connie- Could you provide some more detail on what you are looking for in terms of making Nessus easier in a distributed environment? I'm far from an expert in Nessus, but my staff uses it frequently to scan particular campus hosts, subnets, or our entire class B (on occasion). Based on my limited experience with Nessus it uses a client-server model where the parameters of the scan are set up on the client and the Nessus server(s) perform the actual attacks...er, "tests" :-) The server requires the client to log in with a username/password, so the access to use a particular Nessus server can be controlled that way. I'm not sure if you can limit the scope of the scan based on the client login (for example "smithj" in the CompSci dept can only submit scans targeted at the CompSci subnets), but I agree that would be a nice feature in a distributed environment. In the end though, anybody on your network with enough smarts can set up their own Nessus client/server and start scanning away, so being able to delegate who can/can't scan your network (from the inside) is in some sense a moot point. Regards, Jeff Sadler, Connie wrote:
Does anyone use a commercial scanner – something like Tenable? The software would allow us to set up accounts and delegate rights for some of our system administrators to run their own scans. The management console would allow us to review results from all of the scans. Does anyone use a commercial appliance and if not, does anyone have a home-grown Nessus interface that makes using Nessus in a distributed environment easier?
Current thread:
- Distributed Vulnerability Scanning Sadler, Connie (Aug 23)
- <Possible follow-ups>
- Re: Distributed Vulnerability Scanning Bruce Barrett (Aug 23)
- Re: Distributed Vulnerability Scanning Phillip G Deneault (Aug 23)
- Re: Distributed Vulnerability Scanning Jeff Giacobbe (Aug 23)
- Re: Distributed Vulnerability Scanning H. Morrow Long (Aug 23)
- Re: Distributed Vulnerability Scanning Warren Raquel (Aug 23)
- Re: Distributed Vulnerability Scanning Christopher E. Cramer (Aug 23)
- Re: Distributed Vulnerability Scanning Chad McDonald (Aug 23)
- Re: Distributed Vulnerability Scanning Graham Toal (Aug 23)
- Re: Distributed Vulnerability Scanning Tristan RHODES (Aug 24)
- Re: Distributed Vulnerability Scanning patrick cain (Aug 25)