Penetration Testing mailing list archives

Re: Qualys


From: "Amit" <amit.deshmukh () security-assessment com>
Date: Mon, 13 Feb 2006 15:09:48 +1100

My comments below guys.

There was a query I had initiated on qualysguard sometime back (late last year) on the list, and quite frankly, the replies generated showed qualysguard in a poor light. As did our own assessment of it. One big problem we saw (and someone else on the list confirmed) was that qualys does have access to your vulnerability data - as in read/view capability - one of the mails that came back to us (from qualys personnel) asked if we wanted help on an aborted scan.
I have worked quite closely with Qualys support and can confirm they do not have access to your scan/vuln data. They however get notified of failed scans via the platform and hence the support email to you Prasanna. All scan results are stored in encrypted format within the database and are only accessible via your credentials and support has no knowledge of these.

There were a host of other problems with its performance - the scanning being very very slow, because of it happening via the internet. So, if you're looking at a huge network, it's going to be slow. We benchmarked it against Nmap, and frankly it was a no-contest.
regards,
Prasanna

There are options that will let you throttle scan speeds. So you really need to look at what options you chose while doing scans. Internet based scanning only occurs for Internet facing hosts. For internal hosts you need to purchase an appliance that would be located on your internal network. The appliance performance parameters can also be configured. In my experience I have always had to slow down the scan in order to ensure no network devices get bumped off due to scan packets.

David, to answer your question, one of our clients who was trialling qualysguard accidentally set off a scan of a class A network and went home and returned the next morning to find about 80,000 hosts scanned :)

Amit.

________________________________________
From: David M. Zendzian [mailto:dmz () dmzs com]
Sent: Wed 2/8/2006 11:35 AM
To: US Infosec
Cc: pen-test () securityfocus com
Subject: Re: Qualys

And just for the list's knowledge, what products did you find that could
deliver on a class A assessment?

BTW, I know of several national and multi-national financial
institutions that depend on n-circle, doing both regular sweeps around
their network as well as tying into their dhcp servers to scan hosts as
they "go-live".

dmz
