Re: Qualys

From: Gail Thorpe (gail@sec-tec.co.uk)
Date: Thu Feb 09 2006 - 11:29:26 EST

• Next message: Edmond Chow: "RE: Penetration test of 1 IP address"
• Previous message: Buz Dale: "Re: Penetration test of 1 IP address"
• In reply to: Justin Ferguson: "Re: Qualys"
• Next in thread: Curt Purdy: "Re: Qualys"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Well, if we are going to get picky about terminology, surely a Class A
environment means a network with a Class A subnet configured, not
necessarily one with any particular number of hosts. Ever seen a 10.X.X.X
network with three hosts on it? I have.

The devil is in the detail, so be careful.

----- Original Message -----
From: "Justin Ferguson" <jnferguson@gmail.com>
To: "Byron Sonne" <blsonne@rogers.com>
Cc: "US Infosec" <usinfosec@gmail.com>; <pen-test@securityfocus.com>
Sent: Thursday, February 09, 2006 4:19 AM
Subject: Re: Qualys

> Everyone seems to have missed what I think was his/her's point. He
> asked the *technical* contact if they had every deployed in a Class A
> environment (aka 16 million hosts), and he/she responded 'sure we've
> supported clients with 60 thousand hosts!' (which isn't even a class b
> btw), and the technical ignorance of their technical person is what
> closed the door for ncircle. Or at least that is what I get out of his
> email, not 'please tell me how i should deploy a vulnerability scanner
> in my network' but rather a dialogue on the technical competence of
> the employee's.
>
>
>
> On 2/8/06, Byron Sonne <blsonne@rogers.com> wrote:
>> Greetings,
>>
>> > nCircle came to do a demonstration for my team once. I work in an
>> > enviornment that has a full routable class A. I asked the technical
>> > guy there if they had ever deployed their appliances in a Class A
>> > enviornment and he said sure we have supported clients with 60K hosts.
>> > That was the end of our consideration.
>>
>> How long ago did you give it a demo? That sounds like it must have been
>> a good while ago, or perhaps there was a mis-understanding of some sort.
>>
>> For folks with class A networks, something that big you'd deploy
>> multiple units of our product as per our product architecture and
>> design, as most orgs of that kind of size have done.
>>
>> If you like, I could put you in touch with someone inside the company
>> that could discuss any issues you had. If I may ask, who did you opt to
>> go with instead of nCircle?
>>
>> Cheers,
>> Byron
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Audit your website security with Acunetix Web Vulnerability Scanner:
>>
>> Hackers are concentrating their efforts on attacking applications on your
>> website. Up to 75% of cyber attacks are launched on shopping carts,
>> forms,
>> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
>> are
>> futile against web application hacking. Check your website for
>> vulnerabilities
>> to SQL injection, Cross site scripting and other web attacks before
>> hackers do!
>> Download Trial at:
>>
>> http://www.securityfocus.com/sponsor/pen-test_050831
>> -------------------------------------------------------------------------------
>>
>>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers
> are
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before
> hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>
>

__________________________________________________________________________
The contents of this e-mail are confidential and are intended solely for
the use of the person to whom they are addressed. If you are not the
intended recipient of this message please notify the sender and delete it
immediately, disclosure of its content to any other person is prohibited
and may be unlawful. Sec-Tec does not accept any responsibility for
viruses and it is your responsibility to scan the e-mail and attachments.
Any liability arising from any third party acting on information contained
in this e-mail is hereby excluded.
--------------------------------------------------------------------------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Edmond Chow: "RE: Penetration test of 1 IP address"
• Previous message: Buz Dale: "Re: Penetration test of 1 IP address"
• In reply to: Justin Ferguson: "Re: Qualys"
• Next in thread: Curt Purdy: "Re: Qualys"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:28 EDT