RE: Nessus - open or closed source?

From: Jason Baeder (jason_baeder@yahoo.com)
Date: Wed Nov 09 2005 - 10:06:04 EST

• Next message: ilaiy: "Re: network informations brought by cdp"
• Previous message: sec nerd: "Question on iisstart.asp"
• In reply to: Miller, Joseph A: "RE: Nessus - open or closed source?"
• Next in thread: Justin.Ross@signalsolutionsinc.com: "Re: Nessus - open or closed source?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I have to wholeheartedly agree. I work for a major government
contracting on site at a civilian agency (the government is composed of
more than just DoD). One of the other teams here uses Nessus
exclusively. Nobody objects to that. ISS Internet Scanner was already
installed for my team when I arrived. We have also used Nessus as a
check against ISS. In fact, there was a case when ISS identified
something nasty. A detailed investigation of the system under question
showed the alert was a false positive. But I couldn't understand why
ISS would produce this false positive. A Nessus run against the same
system came up with...nothing wrong. Moreover, I was able to look at
the NASL code and see what Nessus was really looking for, and to
reproduce that manually. Short of putting a sniffer in-line in front
of ISS, I'll never know what ISS is looking for [as far as this one
issue is concerned].

I can make the same point with IDS: ISS and SNORT. But that point has
been made many times before as well.

Jason

--- "Miller, Joseph A" <joseph.miller@eds.com> wrote:

> Justin,
>
> I'm breaking into this thread late in the game. In 'reality' it does
> not
> matter if it is trash or not. Because we all run as many tools as
> possible. Does Nessus hit on something that ISS missed, yes
> sometimes,
> does ISS hit something that Nessus missed... Yes sometimes... Doing
> due
> diligence and using all the tools you can find to help in your quest
> to
> perform whatever task you may be performing with these tools, the
> presence of the option to use it, and see if it helps is better than
> nothing. Even one or two of this happening will make the case for
> having
> more than one assessment tool.

                
__________________________________
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: ilaiy: "Re: network informations brought by cdp"
• Previous message: sec nerd: "Question on iisstart.asp"
• In reply to: Miller, Joseph A: "RE: Nessus - open or closed source?"
• Next in thread: Justin.Ross@signalsolutionsinc.com: "Re: Nessus - open or closed source?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:09 EDT