Educause Security Discussion mailing list archives

Re: Distributed Vulnerability Scanning


From: Graham Toal <gtoal () UTPA EDU>
Date: Tue, 23 Aug 2005 15:34:19 -0500

Christopher E. Cramer wrote:

On Tue, 23 Aug 2005, Jeff Giacobbe wrote:

In the end though, anybody on your network with enough smarts can set up
their own Nessus client/server and start scanning away, so being able to
delegate who can/can't scan your network (from the inside) is in some
sense a moot point.


a very good point to remember :)




unless you have a zoned internal network architecture where it's not *possible*
for local admins to scan any segment other than their own area.  (Something
I'm sincerely hoping will be the case with the virtual firewall architecture
available from the PIX router blades.  If not, we wasted a lot of money ;-) )

I'm a firm believer in departments doing their own scanning because they
usually know best what would be considered anomalous in their area.  And
it reduces the load on Infosecurity :-)


G
