Re: Vulnerability scanners

From: Alvin Oga (alvin.sec@Mail.Linux-Consulting.com)
Date: Thu Mar 27 2003 - 16:31:10 EST

• Next message: Rob Shein: "RE: Vulnerability scanners"
• Previous message: Ken Smith: "RE: Vulnerability scanners"
• In reply to: Jeff Williams @ Aspect: "Re: Vulnerability scanners"
• Next in thread: Rob Shein: "RE: Vulnerability scanners"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

hi ya

On Thu, 27 Mar 2003, Jeff Williams @ Aspect wrote:

> Let's assume that you're talking about 256 IPs (based on Qualys' published
> pricing), and you want to scan weekly. That's at least a day a week of

their "mail server scanning" is pointless ??? ( when we tried it out )
        - just a bunch of dictionary names for your-domain.com

vulnerability scanning and pen-testing ...
        - you can do quickie tests..
        ( few minutes - couple hours )

        - you can and SHOULD do it every time something changed
        ( incremental costs should be minimal )

        - you should go back and see what other vuln tests you or your
        other hired testors didnt check earlier...
        ( few days, few weeks )

        - repeat round and round

- most of the scanning can be automated

- think one can also apply all the scriptkiddie scripts automatically ??

- automation is the key ... people will get tired of running the same
  repeatative tests

> effort for someone (probably more to generate a very nice report and
> summaries). The cost of a full-time sysadmin (including salary, benefits,
> office, etc...) probably costs well north of $100K. You'd have to include
> some equipment costs in there. So I doubt you could do it much cheaper.
> I think vulnerability scanning is a reasonable thing to outsource for
> companies that are not in the security or networking field already.

you do need a qualified testor ... newbies wont knwo what to look for
and how to test it ..

i'd say a good vulnerability scanner and pen-testor would run
$150K in salaries + double it for insurance, benefits, office space,
phones, lab, PCs, test archives, etc
        plus probably an additional knowledgeable secretary to type up
        pretty reports and attachements

"good" == they can find the obvivious holes... in a matter of minutes
        - break into any pc running sendmail earlier than 8.12.8
        - break into any apache w /443 left on
        - break into wireless sites w/ telnet/ftp/pop3 left on inside
        ... blah .. blah ..

c ya
alvin

top spam and e-mail risk at the gateway.
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it. See exactly how much
junk never even makes it in the door. Free 30-day trial:
http://www.surfcontrol.com/go/zsfptl1

• Next message: Rob Shein: "RE: Vulnerability scanners"
• Previous message: Ken Smith: "RE: Vulnerability scanners"
• In reply to: Jeff Williams @ Aspect: "Re: Vulnerability scanners"
• Next in thread: Rob Shein: "RE: Vulnerability scanners"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:31 EDT