IDS mailing list archives
Re: Cisco CTR
From: Renaud Deraison <deraison () nessus org>
Date: Wed, 19 Nov 2003 13:32:02 -0500
On Mon, Nov 17, 2003 at 05:40:30PM -0500, Martin Roesch wrote:
What NeVO does not do though, is to draw a topology map based on the number of hops separating the sensor from the remote hosts, since this is only 1d data, and adding a 2nd or 3rd dimension to it relies on best guesses, and in the end it does not reflect the reality.
You can infer a number of interesting things from looking at MAC addresses, hop data, peer information and so on. In the general case the information will be accurate, in some cases it will not, it's still interesting and useful for certain applications.
The map you get is mostly inaccurate in terms of network _topology_. Have a look at the screenshot on your website - it basically shows that groups of hosts are <N> hops away, and that your router actually has two NICs. It looks very nice, though.
Finally, keep in mind that NeVO is really just a sensor and that it's best to exploit its data with our Lightning Console, otherwise I understand that the amount of information might be difficult to grasp.
We can see the value of having a process that identifies new/changed things to be fully explored by active vulnerability scanners
So do we, that's why we suggest using NeVO in conjunction with the lightning console.
I don't doubt that you can do similar things with Nevo, it just seems that the emphasis and focus of your product is in a different direction than ours. If that's not the case I'm sure that everyone here would enjoy being enlightened as to what you guys are up to with your product.
You are absolutely right - NeVO is a passive vulnerability scanner, with all that it implies (get the list of open ports, guess the operating system, determine who is talking to who, and finally show the list of vulnerabilities we actually think are vulnerabilities). I.e., to paraphrase the marketing about RNA:
- Network Asset Profiles
- Asset Behavioral Profiles (with Lightning)
- Security Vulnerabilities
- Change Events (with Lightning)
Note that for security vulnerabilities, we actually consider that people do sometimes apply patches, so we don't just do an OS lookup in a vulnerability database to report all the flaws that ever happened for that particular OS release. This is prone to false negatives but this is how we market NeVO - it's a tool to "get the temperature" of the security of a network, not to get a list of all the hypothetical flaws that might eventually be on the network.
I hope this clears things up,
-- Renaud