Security Basics mailing list archives

RE: Vulnerability Scanning - Prioritising Remediation
From: Dominick Birolin <Dominick.Birolin () naeallc com>
Date: Thu, 22 Sep 2011 11:04:02 -0400

We use Nessus professional feed. While it is good I have seen better. You simply cannot beat the price of Nessus and it 
will get the job done. I think it really depends on the budget you have available. 

Regards,
Dominick J. Birolin
Network Engineer / Cyber Security
Desk    732-623-8896
Mobile 732-429-2961
Fax      732-623-8897
North American Energy Alliance LLC
99 Wood Avenue South Suite 200 
Iselin, NJ 08830


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mikhail A. Utin
Sent: Wednesday, September 21, 2011 2:02 PM
To: John Morrison; J Teddy
Cc: Security Basics Mailing List
Subject: RE: Vulnerability Scanning - Prioritising Remediation

It all depends on your IDS/IPS configuration, and on the vulnerability scanner as well. Sometimes you cannot even change 
features you do not want at all (see below).
VSs (and port scanners as well) use SYN half-open scanning. So the IDS/IPS can react to the SYN packets as a "SYN flood" and block 
them. Thus part of the port scanning could be disabled.
Some appliances, for instance SonicWALL, can make your life miserable by disabling both the scanning and the entire network. 
The SonicWALL IDS cannot be removed if it comes together with the firewall in one appliance. If the IPS is enabled (having a license) 
then it will block your SYN packets (unless configured otherwise). If the IPS is disabled (say, no license for it) then the IDS 
will be active anyway. It has a limited stack for all TCP connections (16K) and will be overloaded by SYN packets pretty 
fast (depending on the "insanity" of the port scanning). Thus all your other local network TCP connections will be dropped by the 
IDS. No Internet, no email, etc.
That is an example of how an IDS can affect scanning, and the local network as well.

Mikhail A. Utin, CISSP


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of John Morrison
Sent: Wednesday, September 21, 2011 4:20 AM
To: J Teddy
Cc: Security Basics Mailing List
Subject: Re: Vulnerability Scanning - Prioritising Remediation

If you have an IPS as part of your security system, should you not scan with it switched on? It is one of your controls. 
If you run a VA scan without the IPS, won't you get incorrect results?

What do other subscribers to this list do?

Regards

John

On 20 September 2011 06:37, J Teddy <jteddylists () gmail com> wrote:
I'm currently documenting how to prioritise remediation efforts from 
my last vulnerability scan.  As my assets have all had information 
risk assessments conducted, I can easily calculate my CVSS score using 
the CVSS2 calculator.

I then started thinking about compensating controls in my network 
where I could possibly lower the priority of the remediation.  For 
example the SSH vulnerability priority may be lowered as there is a 
signature for prevention on my IPS.

The question I cannot answer is: if my IPS has prevention for such a 
signature, and I'm running a vulnerability scan through that IPS, will 
my IPS block those packets, with the end result being that my VA scan does 
not detect the vulnerability?

Thanks.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


