From: Haseeb Chaudhary (haseeb.chaudhary@viacom-outdoor.co.uk)
Date: Tue Mar 02 2004 - 03:29:29 EST
For Windows machines I use Nessus aswell as MS Baseline Analyser to cross
reference the results. I do find some false positives but overall the
results are very useful for patching purposes.
-Haseeb
-----Original Message-----
From: wirepair [mailto:wirepair@roguemail.net]
Sent: 27 February 2004 19:39
To: pen-test@securityfocus.com
Subject: Vulnerability Scanning
lo all,
After reviewing some scan results and finding a number of false positives
from nessus (primarly in XP hosts), I began to become a
bit more concerned than I already was.
This is in no way reflecting upon nessus's ability to find vulnerabilities
and I truely believe all scanners have these issues.
The question is, what does everyone else do about this? Obviously scanners
are never going to be 100% accurate. So I started
to think of ways of checking if these vulnerabilities exist or not. First
using a known exploit obviously gives a more accurate
analysis, but known exploits aren't always available. Yes I can write my own
for said vulnerability but sometimes this isn't
exactly
possible, for instance some vulnerabilities require a user to say click on a
malicious link, which isn't always feasible when
testing 300 workstations. So what else can we do? Check the registry
manually, this is an option but very time consuming, does
anyone actually do this??? At this point I believe I'm going to have to
start trying. Does anyone simply say, some of these are
false positives and we can't do anything about it? I highly doubt a client
will like to hear that. Also some vulnerabilities are
simply too dangerous, windows vulnerabilities in particular that can cause
the host to reboot. Not every vulnerability is
perfectly
exploited. So what are the other options people use/feel comfortable with?
Thanks for any responses...
-wire
-- Visit Things From Another World for the best comics, movies, toys, collectibles and more. http://www.tfaw.com/?qt=wmf --------------------------------------------------------------------------- ---------------------------------------------------------------------------- ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ --------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_pen-test_040201 ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:49 EDT