Firewall Wizards mailing list archives
RE: commercial va
From: "Ben Nagy" <ben () iagu net>
Date: Thu, 17 Apr 2003 09:43:12 +0200
-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Behm, Jeffrey L.
Sent: Wednesday, 16 April 2003 8:02 PM
To: firewall-wizards () honor icsalabs com

Do you have any specifics on what got "freaked out?" by nessus?
Network infrastructure, particularly (in my case) switches with spanning tree enabled. I still feel the pain. This was a while ago, yada yada, but AFAIK it's still a fairly widely held belief. Most people recommend that you avoid routing your nessus scans around a lot, or scanning your infrastructure (routers, switches, firewalls) devices too heavily.

Obviously if you don't run in safe mode you have even more potential problems, but I already assumed that nobody sane would do that on a production network.

I have also "heard" (this is code for "I can't remember where I heard it, nor can I back it up from my own experience") that some hosts or servers have had problems with safe nessus scans and crashed anyway.

As for the rest of the thread, I'll shut up now that there has been a decent discussion - I was terrified that the poster would go and evaluate nothing but ISS and Cybercop - which is probably not a good plan.

General points that I would like to underline:

- VA can't yet replace a smart security person in terms of turning scan results into sensible risk management and remediation.
- The whole VA space is still evolving. Event correlation, distributed scanning, automatic remediation and early attempts at intelligent risk or threat assessment are already out there from a number of vendors.
- No tool is perfect, and while everyone is working to reduce false positives and false negatives, writing checks that don't crash things is actually pretty hard. Don't assume that your tool is giving you the gospel.
I.E. what in particular should one be concerned about? [...] Please enlighten me if I am astray.

At some point, Ben Nagy spewed:
Spewed? ;)
You should look at Retina as well. For freeware, Nessus is also cool, but I, personally, would be very careful running it on production networks (we often recommend that people use nessus as a complement to Retina, but it does have a habit of freaking out networks).