Re: Qualys

From: Amit (amit.deshmukh@security-assessment.com)
Date: Sun Feb 12 2006 - 23:09:48 EST


My comments below guys.

>There was a query I had initiated on qualysguard sometime back (late last year) on the list, and quite frankly, the replies generated showed qualysguard in a poor light. As did our own assessment of it. One big problem we saw (and someone else on the list confirmed) was that qualys does have access to your vulnerability data - as in read/view capability - one of the mails that came back to us (from qualys personnel) asked if we wanted help on an aborted scan.
>
>
I have worked quite closely with Qualys support and can confirm they do
not have access to your scan/vuln data. They are, however, notified of
failed scans via the platform, hence the support email to you,
Prasanna. All scan results are stored in encrypted format within the
database and are only accessible via your credentials, and support has no
knowledge of these.

>There were a host of other problems with its performance - the scanning being very, very slow, because of it happening via the internet. So, if you're looking at a huge network, it's going to be slow. We benchmarked it against Nmap, and frankly it was a no-contest.
>
>regards,
>Prasanna
>
>
>
There are options that will let you throttle scan speeds. So you really
need to look at what options you chose while doing scans. Internet-based
scanning only occurs for Internet-facing hosts. For internal hosts you
need to purchase an appliance that would be located on your internal
network. The appliance performance parameters can also be configured. In
my experience I have always had to slow down the scan in order to ensure
no network devices get bumped off due to scan packets.

David, to answer your question, one of our clients who was trialling
qualysguard accidentally set off a scan of a class A network and went
home and returned the next morning to find about 80,000 hosts scanned :)

Amit.

>________________________________________
>From: David M. Zendzian [mailto:dmz@dmzs.com]
>Sent: Wed 2/8/2006 11:35 AM
>To: US Infosec
>Cc: pen-test@securityfocus.com
>Subject: Re: Qualys
>
>And just for the list's knowledge, what products did you find that could
>deliver on a class A assessment?
>
>BTW, I know of several national and multi-national financial
>institutions that depend on n-circle, doing both regular sweeps around
>their network as well as tying into their dhcp servers to scan hosts as
>they "go-live".
>
>dmz


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:30 EDT