RE: Online Scanning Services Vrs. Stand Alone Applications

From: Danny (Danny@drexel.edu)
Date: Wed Feb 26 2003 - 17:23:01 EST

• Next message: Filipe Custodio: "RE: Online Scanning Services Vrs. Stand Alone Applications"
• Previous message: Brett Moore: "The Building Of An Exploit String"
• Maybe in reply to: Alfred Huger: "Online Scanning Services Vrs. Stand Alone Applications"
• Next in thread: Gene Yoo: "Re: Online Scanning Services Vrs. Stand Alone Applications"
• Reply: Gene Yoo: "Re: Online Scanning Services Vrs. Stand Alone Applications"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've not seen a comparison, but in my opinion remote scanning is a waste of time and money for large networks such as anything over a class C.

Having someone do a full vulnerability scan remotely over your entire IP space takes a lot of time and a lot of bandwidth, if a company is on a T1 it could take several hours and may impact the performance of their corporate link.

Having said that, if someone was to come up with a semi remote scanning option for a managed service it may be a little more feasible. By semi remote I mean the scanning company has an agent on the local LAN which handles the actual scanning and simply reports back to an offsite database for analysis.

Currently we are using SecureScanNX from vigilante.com. This tool allow us to do full vuln scans of our entire network, we have agents placed at various points of the network which handle the scanning for their network segments and report back to a controlling terminal, doing this stops us from flooding our WAN/MAN links and keeps the scans times down relatively low.

Cheers
Danny
Network Security Engineer
Drexel University
PGP Print: C6AD B205 E3C6 38AB 0164 6604 66F5 CCFC F4ED F1E0
PGP Key: http://akasha.irt.drexel.edu/danny.asc
 

- -----Original Message-----
From: Alfred Huger [mailto:ah@securityfocus.com]
Sent: Wednesday, February 26, 2003 4:06 PM
To: pen-test@securityfocus.com
Subject: Online Scanning Services Vrs. Stand Alone Applications

Hey all,

I have a question, which is two fold. First can anyone point me to
comparison articles of online scanners (such as Foundstone) vrs.
standalone applications such as ISS? I am looking for technical
comparisons not a treatise on the benefits of someone managing your
scanning for you or not.

The second part of the question is, are their any technical advantages
between the two setups? I understand this overlaps with the first question
but I ask this after having searched for good writeups and came out with
very little.

- -al

Alfred Huger
Symantec Corp.

- ----------------------------------------------------------------------------
<Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box?
CORE IMPACT does.</Pre>
<A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPl0+/Gb1zPz07fHgEQKNMgCZAWiZsphU4AWefT4ZVXUl9oABhw0AnjPA
8yiC4zH8B+tKwm6COkxg34Ed
=Z1G+
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
<Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box?
CORE IMPACT does.</Pre>
<A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core>

• Next message: Filipe Custodio: "RE: Online Scanning Services Vrs. Stand Alone Applications"
• Previous message: Brett Moore: "The Building Of An Exploit String"
• Maybe in reply to: Alfred Huger: "Online Scanning Services Vrs. Stand Alone Applications"
• Next in thread: Gene Yoo: "Re: Online Scanning Services Vrs. Stand Alone Applications"
• Reply: Gene Yoo: "Re: Online Scanning Services Vrs. Stand Alone Applications"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:29 EDT