Educause Security Discussion mailing list archives

Re: Distributed Vulnerability Scanning


From: "Christopher E. Cramer" <chris.cramer () DUKE EDU>
Date: Tue, 23 Aug 2005 15:23:11 -0400

On Tue, 23 Aug 2005, Jeff Giacobbe wrote:


> The server requires the client to log in with a username/password, so
> the access to use a particular Nessus server can be controlled that way.
> I'm not sure if you can limit the scope of the scan based on the client
> login (for example "smithj" in the CompSci dept can only submit scans
> targeted at the CompSci subnets), but I agree that would be a nice
> feature in a distributed environment.

this is currently the case.  nessus has a way of specifying on a per-user
basis which subnets can or can't be scanned.  essentially, each user has a
profile which lists the permissions of that user.  you can add or delete
subnets or machines.


> In the end though, anybody on your network with enough smarts can set up
> their own Nessus client/server and start scanning away, so being able to
> delegate who can/can't scan your network (from the inside) is in some
> sense a moot point.


a very good point to remember :)

-c
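
The per-user scan scoping discussed in this message, as an added example that is not part of the original post and is not Nessus code. The rule keywords are modelled on the accept/deny/default style of Nessus 2.x user rules; the user "smithj", the subnets, first-match evaluation and the fail-closed default are assumptions.

```python
import ipaddress

# Constructed rule set for a hypothetical user "smithj" (subnets are made up).
# Keywords follow the accept/deny/default style of Nessus 2.x user rules.
SMITHJ_RULES = """
deny 10.20.30.5          # one host inside the department range is off limits
accept 10.20.30.0/24
accept 10.20.31.0/24
default deny
"""

def parse_rules(text):
    """Return ([(action, network), ...], default_action)."""
    rules, default = [], "deny"  # assumption: fail closed when no default line
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or parts[0] not in ("accept", "deny", "default"):
            raise ValueError(f"bad rule: {raw!r}")
        action, arg = parts
        if action == "default":
            if arg not in ("accept", "deny"):
                raise ValueError(f"bad default: {raw!r}")
            default = arg
        else:
            rules.append((action, ipaddress.ip_network(arg, strict=False)))
    return rules, default

def may_scan(rule_text, target):
    """True only if the whole target (host or CIDR range) is permitted."""
    rules, default = parse_rules(rule_text)
    net = ipaddress.ip_network(target, strict=False)
    for action, rule_net in rules:  # assumption: first matching rule wins
        if net.version != rule_net.version:
            continue
        if net.subnet_of(rule_net):
            return action == "accept"
        if net.overlaps(rule_net):
            # Target straddles a rule boundary (e.g. it contains a denied
            # host): refuse instead of scanning part of it.
            return False
    return default == "accept"

if __name__ == "__main__":
    for t in ("10.20.30.17", "10.20.30.5", "10.20.30.0/24", "192.168.1.1"):
        print(t, "->", "allowed" if may_scan(SMITHJ_RULES, t) else "refused")
```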
