RE: Distributed Vulnerability Scanners

["Kohlenberg, Toby" <toby.kohlenberg () intel com>]

I've heard a couple people mention scanning services that offer
appliances that you can bring in house, but do those actually run
in a distributed fashion?

For this case, here's the definition I'd use for distributed:
from a single console, I am able to set up a scan across a block of
IP addresses, those addresses are then automatically split up according to some
rules (by subnet or whatever) and sent out to scanning systems that
are responsible for scanning those groups of IPs. They run the scans
and send the results back to the central server.

The central server should also be able to push test updates down to the
scanning systems.

Maybe in an ideal world the scan jobs would have an approval path that
would check with the owner of the network/environment about to be scanned
before executing it. Or at least give them a day or two to object before
running the scan.

It's easy to set up a single box that is remotely managed and does all the
scanning for an environment, but that doesn't work so well when some of your
networks are at the other end of slow or expensive links.

toby

> -----Original Message-----
> From: Gideon Rasmussen, CISSP [mailto:gideon () infostruct net]
> Sent: Thursday, March 06, 2003 11:41 AM
> To: Greg Reber
> Cc: Talisker; pen-test () securityfocus com
> Subject: Re: Distributed Vulnerability Scanners
>
>
> In the past, I have used VIGILANTe SecureScan. They are a subscription
> based vulnerability assessment service. For an annual fee, you can
> execute scans as often as once per day. Their reports are 
> quite detailed
> (i.e. whois lookups, findings, severity levels, w/corresponding
> advisories/fix actions). From what recall, they are based on 
> ISS, Nmap,
> a few other hacking tools, and home grown scripts. In 
> addition to their
> service, they offer software too. I'm probably not doing them justice,
> if you are interested, please refer to their site
> (http://www.vigilante.com).
>
> If you have any questions or comments, please do not hesitate 
> to contact
> me. Thank you.
>
> Gideon
>
> Gideon Rasmussen, CISSP
> Celebration, FL
> gideon () infostruct net
> 321-939-1526
>
> Greg Reber wrote:
> > Andy - check out Qualys (www.Qualys.com ) and nCircle 
> (www.ncircle.com)
> > -greg
> >
> > The information in this email is likely confidential and 
> may be legally
> > privileged. It is intended solely for the addressee. Access 
> to this email by
> > anyone else is unauthorized. If you are not the intended 
> recipient,  any
> > disclosure, copying, distribution or any action taken or 
> omitted to be taken
> > in reliance on it, is prohibited and may be unlawful.
> >
> > -----Original Message-----
> > From: Talisker [mailto:talisker () networkintrusion co uk]
> > Sent: Wednesday, March 05, 2003 2:56 PM
> > To: pen-test () securityfocus com
> > Subject: Distributed Vulnerability Scanners
> >
> > Hi
> > I'm looking for vulnerability scanners that will do their 
> business remotely,
> > especially useful for distributed networks with low 
> bandwidth or managed
> > services.
> >
> > I only know of 3:
> > Lightning Proxy
> > http://www.tenablesecurity.com/proxy.html
> >
> > Nessus
> > http://www.nessus.org/features.html
> >
> > Retina
> > http://www.eeye.com/html/Products/Retina/index.html
> >
> > Does anyone know of any more, I would suggest that this 
> excludes web based
> > scanners like shieldsup etc as they don't resolve the 
> bandwidth issue, was
> > the problem with shieldsup (demonstrated at BlackHat Europe 
> 2001) ever
> > resolved whereby you could use it to scan anyone you wished??
> >
> > Anyway the list when completed will appear here, though 
> it's not on the site
> > navigation yet.
> > http://www.networkintrusion.co.uk/dist.htm
> >
> > Sorry about the amount of posts of late but I have been on 
> vacation and
> > therefore have time to read my email.
> >
> > take care
> > -andy
> > Taliskers Network Security Tools
> > http://www.networkintrusion.co.uk
> --------------------------------------------------------------
> --------------
> > Are your vulnerability scans producing just another report?
> > Manage the entire remediation process with StillSecure VAM's
> > Vulnerability Repair Workflow.
> > Download a free 15-day trial:
> > http://www2.stillsecure.com/download/sf_vuln_list.html
> --------------------------------------------------------------
> --------------
> > Are your vulnerability scans producing just another report?
> > Manage the entire remediation process with StillSecure VAM's
> > Vulnerability Repair Workflow.
> > Download a free 15-day trial:
> > http://www2.stillsecure.com/download/sf_vuln_list.html
>
>
> --------------------------------------------------------------
> --------------
>
> Are your vulnerability scans producing just another report?
> Manage the entire remediation process with StillSecure VAM's
> Vulnerability Repair Workflow.
> Download a free 15-day trial:
> http://www2.stillsecure.com/download/sf_vuln_list.html

----------------------------------------------------------------------------

Are your vulnerability scans producing just another report?
Manage the entire remediation process with StillSecure VAM's
Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html