funsec mailing list archives

Re: so, is I[dp]S a STUPID technology?


From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 12 Oct 2005 16:08:38 -0500

--On Tuesday, October 11, 2005 20:03:46 -0400 Valdis.Kletnieks () vt edu wrote:

> On Tue, 11 Oct 2005 17:13:35 CDT, Paul Schmehl said:
>> If you can recommend an *enterprise* capable vulnerability scanner (IOW
>> one that I can schedule massive scanning events for a class A *and*
>> class B network and then go look at the results when I have time)
>
> How much of that class A is *actually* used?  Your site can't be *that*
> much bigger than ours, and we fit (mostly) into 2 /16s.

I doubt we have as many live nodes as you do. Somewhere in the neighborhood of 10,000 or so, not counting the student residence halls (which is an untrusted, firewalled cloud.)

> If you insist on scanning 2**24 addresses to find 2**16 hosts, that's
> your business. But you're working 256 times too hard. ;)

And I'd be pretty dumb too, wouldn't I? But seriously, even scanning live nodes takes time, and scanning 10,000 of them takes a *lot* of time.

> There was this nice Nessus framework from Purdue, I don't have the URL
> handy at the moment.  Basically had a front end box that load-balanced
> across a bunch of Nessus scanning engines.  Costs twice as much as the
> base Nessus. ;)

You mean *used to*. Nessus isn't free any more. I'll rummage around on the Purdue site. But you should know that tools aren't the only problem. Time is too. There's only two of us doing this work, and va isn't our only responsibility.

How many bodies do you have in security?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

