Re: MBSA scanner

[Matt Wagenknecht <matt.wagenknecht () quantum com>]

I agree with Eric.. I also use FoundScan from Foundstone. It is by far 
the fastest and most accurate at host OS identification and 
vulnerability accuracy.

I am responsible for a network encompassing over 30,000 potential IP 
addresses with an average of 4,000 live hosts. I was tasked with 
identifying what our OS inventory was. Since we are not using any 
client-side inventory management software, the only option was remote 
identification. Using Foundscan with a 30,000 host target range, I was 
able to identify the OS on 4,200 hosts that were live at that time in 
about 3 hours.. It took NMap 3 hours to do just my local subnet of 8,000 
IPs (can't remember how many were live, >1000).  A follow-up inventory 
verified a >95% accuracy (we have several devices on our network that 
are "home grown").

I know the original posting was regarding vuln scanners. NMap is not a 
vuln scanner and FoundScan was not scanning for vulns in this example, 
but it shows with real-world numbers that FoundScan is fast.. very 
fast.. It looks for vulns with the same speed and accuracy. 

You should see the numbers for a service and service version inventory 
scan.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Matt Wagenknecht                          CISSP  |  MCSE
Sr. Security Administrator
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Never be afraid to try something new.
Remember, amateurs built the ark; professionals built the Titanic.

This email may contain confidential and privileged information for the
sole use of the intended recipient. Any review or distribution by others
is strictly prohibited. If you are not the intended recipient, please
contact the sender and delete all copies of this email message.



Gibson, Eric wrote:

> We just finished a long comparative evaluation of Eeye, Foundstone,
> Tenable, Nessus and ISS. After much consideration we concluded that
> Foundstone fit our needs best, while still using Nessus for bulk scans.
> We used to use ISS but switched because the product has not kept up with
> others. Nessus is still a great scanner, and you cannot beat the price. 
>
> I am surprised that FoundStone has not come up in the recommendations so
> far. 
>
> Eric Gibson
>
> -----Original Message-----
> From: Peter Wood [mailto:peterw () firstbase co uk] 
> Sent: Tuesday, April 20, 2004 7:00 AM
> To: pen-test () securityfocus com
> Subject: [BULK] - RE: MBSA scanner
>
> We have also moved our allegience to eEye Retina from ISS. It works very
>
> well and is the best commercial scanner we've used. We also use Core
> Impact 
> for real exploits, which is a great tool IMHO.
>
> Pete
>
> At 15:58 19/04/2004 -0500, Steve Goldsby \(ICS\) wrote:
> >We've moved all our business from ISS Scanner to Retina.
> >
> >Nessus is still the favorite for cost effictive, high coverage
> scanning,
> >but for a commercial product that seems to gain favor with enterprise
> >clients, eEye is the way to go.
> >
> >
> >Steve Goldsby
> >www.networkarmor.com
> >
> >
> >-----Original Message-----
> >From: Nick Duda [mailto:nduda () VistaPrint com]
> >Sent: Monday, April 19, 2004 1:30 PM
> >To: e247net; pen-test () securityfocus com
> >Subject: RE: MBSA scanner
> >
> >eEye Retina is great. Quick on the updates also.
> >
> >- Nick
> >
> >-----Original Message-----
> >From: e247net [mailto:e247net () hotmail com]
> >Sent: Saturday, April 17, 2004 4:34 AM
> >To: pen-test () securityfocus com
> >Subject: MBSA scanner
> >
> >Hi all
> >
> >Microsoft baseline scanner cannot work since all the default shares
> are
> >disable.
> >Isn't this be the case for a secure LAN ? Anyway, plse suggest any
> >alternatives open source tools for conducting vulnerability test in a
> >LAN typical windows machines.
> >Thanks
> >
> >I have on hand now using nessus, but would like to have another tool.
> >
> >Best Regards,
> >
> ------------------------------------------------------------------------
> --------------------------------------------------------
>
> Peter Wood FBCS CITP MIMIS MIEEE
> Chief of Operations
> First Base Technologies
> +44 (0)1273 454525
> www.fbtechies.co.uk
> www.white-hats.co.uk
>
>
> ------------------------------------------------------------------------
> ------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
> off
> any course! All of our class sizes are guaranteed to be 10 students or
> less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of
> in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ------------------------------------------------------------------------
> -------
>
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------
>  

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------