Penetration Testing mailing list archives
RE: Distributed Vulnerability Scanners
From: "Ken Smith" <ksmith () akibia com>
Date: Sun, 9 Mar 2003 15:41:59 -0500
Qualys provides access to a vulnerability scanning solution that is hosted by them. They do not take over management of the scans, it's self-service. They do have an appliance that you can setup on a LAN or Intranet which then allows the scanning of those networks. The results are sent back to the Qualys-hosted system (database). Everything is done from the web interface to their hosted solution. Multiple appliances can be deployed, but they cannot be setup in a multi-tiered manner. They all report back to the Qualys-hosted system via the net. -Ken -----Original Message----- From: Talisker [mailto:talisker () networkintrusion co uk] Sent: Sun 3/9/03 6:46 AM To: Greg Reber; pen-test () securityfocus com Cc: Subject: Re: Distributed Vulnerability Scanners Hi Greg Thanks for responding to my query I visited the Qualys website and it refers to providing a service. I was also under the impression that Qualys whilst a managed service provider also offered the appliance for use wholly by the customer. If we're correct in this assumption any idea where I can find the info. The dark side (Marketeers) have ravished both the nCircle and Qualys websites to such a degree that it is hard to find technical detail amidst all the hype, especially regarding how they manage their scanning agents remotely. (though after a week on this one, I'm starting to become web blind) Just to highlight to the list my original mail was looking for tools that could be used by a managed service in a distributed fashion NOT for the managed services themselves. take care -andy Taliskers Network Security Tools http://www.networkintrusion.co.uk ----- Original Message ----- From: "Greg Reber" <greg.reber () astechconsulting com> To: "Talisker" <talisker () networkintrusion co uk>; <pen-test () securityfocus com> Sent: Thursday, March 06, 2003 6:26 PM Subject: RE: Distributed Vulnerability Scanners
Andy - check out Qualys (www.Qualys.com ) and nCircle (www.ncircle.com) -greg The information in this email is likely confidential and may be legally privileged. It is intended solely for the addressee. Access to this email
by
anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be
taken
in reliance on it, is prohibited and may be unlawful. -----Original Message----- From: Talisker [mailto:talisker () networkintrusion co uk] Sent: Wednesday, March 05, 2003 2:56 PM To: pen-test () securityfocus com Subject: Distributed Vulnerability Scanners Hi I'm looking for vulnerability scanners that will do their business
remotely,
especially useful for distributed networks with low bandwidth or managed services. I only know of 3: Lightning Proxy http://www.tenablesecurity.com/proxy.html Nessus http://www.nessus.org/features.html Retina http://www.eeye.com/html/Products/Retina/index.html Does anyone know of any more, I would suggest that this excludes web based scanners like shieldsup etc as they don't resolve the bandwidth issue, was the problem with shieldsup (demonstrated at BlackHat Europe 2001) ever resolved whereby you could use it to scan anyone you wished?? Anyway the list when completed will appear here, though it's not on the
site
navigation yet. http://www.networkintrusion.co.uk/dist.htm Sorry about the amount of posts of late but I have been on vacation and therefore have time to read my email. take care -andy Taliskers Network Security Tools http://www.networkintrusion.co.uk --------------------------------------------------------------------------
--
Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html
---------------------------------------------------------------------------- Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html ---------------------------------------------------------------------------- Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html
Current thread:
- RE: Distributed Vulnerability Scanners, (continued)
- RE: Distributed Vulnerability Scanners Erik Birkholz (Mar 06)
- RE: Distributed Vulnerability Scanners charl van der walt (Mar 06)
- Re: Distributed Vulnerability Scanners Peter Mercer (Mar 07)
- RE: Distributed Vulnerability Scanners charl van der walt (Mar 09)
- Re: Distributed Vulnerability Scanners Peter Mercer (Mar 07)
- RE: Distributed Vulnerability Scanners Kohlenberg, Toby (Mar 06)
- Re: Distributed Vulnerability Scanners Renaud Deraison (Mar 07)
- RE: Distributed Vulnerability Scanners Rapaille Max (Mar 07)
- Re: Distributed Vulnerability Scanners sacha . faust . bourque (Mar 07)
- Re: Distributed Vulnerability Scanners spectom (Mar 11)
- RE: Distributed Vulnerability Scanners Sunny Chowdhury (Mar 09)
- RE: Distributed Vulnerability Scanners Ken Smith (Mar 11)
- Re: Distributed Vulnerability Scanners Preston (Mar 11)