Firewall Wizards mailing list archives

RE: commercial va


From: "Ben Nagy" <ben () iagu net>
Date: Thu, 17 Apr 2003 09:43:12 +0200

> -----Original Message-----
> From: firewall-wizards-admin () honor icsalabs com
> [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf
> Of Behm, Jeffrey L.
> Sent: Wednesday, 16 April 2003 8:02 PM
> To: firewall-wizards () honor icsalabs com
>
> Do you have any specifics on what got "freaked out" by nessus?

Network infrastructure, particularly (in my case) switches with spanning
tree enabled. I still feel the pain. This was a while ago, yada yada, but
AFAIK it's still a fairly widely held belief. Most people recommend that you
avoid routing your nessus scans around a lot, or scanning your
infrastructure (routers, switches, firewalls) devices too heavily.

Obviously if you don't run in safe mode you have even more potential
problems, but I already assumed that nobody sane would do that on a
production network.

I have also "heard" (this is code for "I can't remember where I heard it,
nor can I back it up from my own experience") that some hosts or servers
have had problems with safe nessus scans and crashed anyway.

As for the rest of the thread, I'll shut up now that there has been a decent
discussion - I was terrified that the poster would go and evaluate nothing
but ISS and Cybercop - which is probably not a good plan.

General points that I would like to underline:

- VA can't yet replace a smart security person in terms of turning scan
results into sensible risk management and remediation.

- The whole VA space is still evolving. Event correlation, distributed
scanning, automatic remediation and early attempts at intelligent risk or
threat assessment are already out there from a number of vendors.

- No tool is perfect, and while everyone is working to reduce false
positives and false negatives, writing checks that don't crash things is
actually pretty hard. Don't assume that your tool is giving you the gospel.

> I.E. what in particular should one be concerned about? [...]
>
> Please enlighten me if I am astray.


> At some point, Ben Nagy spewed:

Spewed? ;)

> > You should look at Retina as well. For freeware, Nessus is also cool,
> > but I, personally, would be very careful running it on production
> > networks (we often recommend that people use nessus as a complement to
> > Retina, but it does have a habit of freaking out networks).

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
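The thread's practical advice is to keep heavy scanning away from switches, routers and firewalls and to leave safe checks on. The following is an added example, not code from the thread or from any Nessus release: it expands a target list into hosts, drops any host that falls inside a constructed infrastructure exclusion range, splits the remainder into small batches, and emits a conservative `nessusd.conf` fragment. The three keys written (`safe_checks`, `max_hosts`, `max_checks`) are Nessus 2.x-era `nessusd.conf` options as I recall them; check them against the configuration file shipped with the installation actually in use.

```python
"""Scope and throttle a VA scan so it stays off infrastructure devices.
Added example; not part of the mailing-list thread or of Nessus itself."""
import ipaddress
from typing import Iterable, List, Tuple

# Constructed sample values for the example (not from the thread).
INFRA_EXCLUSIONS = [
    "10.0.0.0/29",   # switch management addresses (constructed)
    "10.0.1.1/32",   # firewall inside interface (constructed)
]
SCAN_TARGETS = ["10.0.0.0/28", "10.0.1.0/30", "10.0.2.10"]


def expand(target: str) -> List[ipaddress.IPv4Address]:
    """Expand a single address or CIDR block into the host addresses it covers."""
    net = ipaddress.ip_network(target, strict=False)
    if net.prefixlen >= 31:
        return list(net)            # /31 and /32: every address is a host
    return list(net.hosts())        # drop network and broadcast addresses


def split_targets(targets: Iterable[str],
                  exclusions: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Return (scannable, excluded) host lists.

    A host is excluded when it sits inside any infrastructure range; those
    hosts are kept out of the scan entirely rather than merely throttled."""
    nets = [ipaddress.ip_network(e, strict=False) for e in exclusions]
    scannable: List[str] = []
    excluded: List[str] = []
    for target in targets:
        for host in expand(target):
            bucket = excluded if any(host in n for n in nets) else scannable
            bucket.append(str(host))
    return scannable, excluded


def batches(hosts: List[str], max_hosts: int) -> List[List[str]]:
    """Split hosts into batches so no more than max_hosts are scanned together."""
    return [hosts[i:i + max_hosts] for i in range(0, len(hosts), max_hosts)]


def conservative_nessusd_conf(max_hosts: int = 4, max_checks: int = 2) -> str:
    """Render a throttled scanner configuration fragment.

    safe_checks = yes keeps the scanner from running checks whose authors
    flagged them as able to crash a target; the two limits cap parallelism.
    Keys are Nessus 2.x-era nessusd.conf options as recalled (assumption)."""
    return (
        "safe_checks = yes\n"
        f"max_hosts = {max_hosts}\n"
        f"max_checks = {max_checks}\n"
    )


if __name__ == "__main__":
    scan, skip = split_targets(SCAN_TARGETS, INFRA_EXCLUSIONS)
    print(f"{len(scan)} hosts to scan, {len(skip)} infrastructure hosts excluded")
    for n, group in enumerate(batches(scan, 4), start=1):
        print(f"batch {n}: {', '.join(group)}")
    print(conservative_nessusd_conf())
```

With the constructed inputs, seven of the fourteen hosts in 10.0.0.0/28 and the firewall address in 10.0.1.0/30 land in the excluded list, leaving nine hosts spread over three batches of at most four.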
