Penetration Testing mailing list archives
Re: Online Scanning Services Vrs. Stand Alone Applications
From: oherrera <oherrera () Prodigy Net mx>
Date: Thu, 27 Feb 2003 10:12:45 -0500
Hi Alfred, I did some research on this for my former employer; the results are not online though but I will commment: Main disadvantages: a)the level of intrusiveness and information leaks. With online scanners you will end with someone else (third party) having detailed information on your vulnerabilities. This is simply not an option for some financial and governamental institutions (they require full control). b) With most products you end up with scanning probes comming through the net from and to fixed points. If someone in between is listening it may discover the types of attacks and even the results (for example your ISP or the ISP of your online scanning provider). There are alternatives such as scan engines appliances which is the case of Qualys, I'm not sure of Vigilante or FoundStone's FoundScan but it probably is too. With these appliances the scanning process takes place inside your borders and results are then sent encrypted to the provider; there is no much "online" on this process though but I believe it is more secure and also allows you to scan internal server in security zones. c) You are limited to scan only servers visible from the outside Main advantages: scan frecuency and correlation. The idea behind online scanning is doing scans as frequently as possible. Instead of scanning your servers once a month you could do it almost daily. This allows you to use the scanner's results with the patch management process (it will tell you what was patched and when). Also, by reducing the time gap you are able to react faster; In a worst case scenario with traditional scanning (say you scan your servers once a month), a new vulnerability might arise the day after your last scan. You either do another scan after upgrading your scanner's signatures or wait until the next month. With the appliance technology I believe that the advantages are mantained while the disadvantages of traditional online scanning are reduced. I hope this helps... Omar Herrera
Hey all, I have a question, which is two fold. First can anyone point me to comparison articles of online scanners (such as Foundstone) vrs. standalone applications such as ISS? I am looking for technical comparisons not a treatise on the benefits of someone managing your scanning for you or not. The second part of the question is, are their any technical advantages between the two setups? I understand this overlaps with the first question but I ask this after having searched for good writeups and came out with very little. -al Alfred Huger Symantec Corp. ---------------------------------------------------------- ------------------ <Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does.</Pre> <A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core</A>
---------------------------------------------------------------------------- <Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does.</Pre> <A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core</A>
Current thread:
- Online Scanning Services Vrs. Stand Alone Applications Alfred Huger (Feb 26)
- RE: Online Scanning Services Vrs. Stand Alone Applications Filipe Custodio (Feb 27)
- Re: Online Scanning Services Vrs. Stand Alone Applications Fernando Martins (Feb 28)
- <Possible follow-ups>
- RE: Online Scanning Services Vrs. Stand Alone Applications Danny (Feb 27)
- Re: Online Scanning Services Vrs. Stand Alone Applications Gene Yoo (Feb 28)
- Re: Online Scanning Services Vrs. Stand Alone Applications oherrera (Feb 27)
- RE: Online Scanning Services Vrs. Stand Alone Applications Davi Ottenheimer (Feb 28)