Penetration Testing: RE: Distributed Vulnerability Scanners

["Rapaille Max" <Max.Rapaille () nbb be>]

Hi,
Qualys has now an Intranet Scanner appliance.  You can put 5 (or more..) of them on different places in the network and 
1 web interface to manage them all.  Qualys will distribute all the Scan to appropriate box.

Regards,

Max

-----Original Message-----
From: Kohlenberg, Toby [mailto:toby.kohlenberg () intel com] 
Sent: vendredi 7 mars 2003 00:34
To: pen-test () securityfocus com
Subject: RE: Distributed Vulnerability Scanners


I've heard a couple people mention scanning services that offer appliances that you can bring in house, but do those 
actually run in a distributed fashion?

For this case, here's the definition I'd use for distributed: from a single console, I am able to set up a scan across 
a block of IP addresses, those addresses are then automatically split up according to some rules (by subnet or 
whatever) and sent out to scanning systems that are responsible for scanning those groups of IPs. They run the scans 
and send the results back to the central server.

The central server should also be able to push test updates down to the scanning systems.

Maybe in an ideal world the scan jobs would have an approval path that would check with the owner of the 
network/environment about to be scanned before executing it. Or at least give them a day or two to object before 
running the scan.

It's easy to set up a single box that is remotely managed and does all the scanning for an environment, but that 
doesn't work so well when some of your networks are at the other end of slow or expensive links.

toby

> -----Original Message-----
> From: Gideon Rasmussen, CISSP [mailto:gideon () infostruct net]
> Sent: Thursday, March 06, 2003 11:41 AM
> To: Greg Reber
> Cc: Talisker; pen-test () securityfocus com
> Subject: Re: Distributed Vulnerability Scanners
>
>
> In the past, I have used VIGILANTe SecureScan. They are a subscription 
> based vulnerability assessment service. For an annual fee, you can 
> execute scans as often as once per day. Their reports are quite 
> detailed (i.e. whois lookups, findings, severity levels, 
> w/corresponding advisories/fix actions). From what recall, they are 
> based on ISS, Nmap,
> a few other hacking tools, and home grown scripts. In 
> addition to their
> service, they offer software too. I'm probably not doing them justice,
> if you are interested, please refer to their site
> (http://www.vigilante.com).
>
> If you have any questions or comments, please do not hesitate
> to contact
> me. Thank you.
>
> Gideon
>
> Gideon Rasmussen, CISSP
> Celebration, FL
> gideon () infostruct net
> 321-939-1526
>
> Greg Reber wrote:
> > Andy - check out Qualys (www.Qualys.com ) and nCircle
> (www.ncircle.com)
> > -greg
> >
> > The information in this email is likely confidential and
> may be legally
> > privileged. It is intended solely for the addressee. Access
> to this email by
> > anyone else is unauthorized. If you are not the intended
> recipient,  any
> > disclosure, copying, distribution or any action taken or
> omitted to be taken
> > in reliance on it, is prohibited and may be unlawful.
> >
> > -----Original Message-----
> > From: Talisker [mailto:talisker () networkintrusion co uk]
> > Sent: Wednesday, March 05, 2003 2:56 PM
> > To: pen-test () securityfocus com
> > Subject: Distributed Vulnerability Scanners
> >
> > Hi
> > I'm looking for vulnerability scanners that will do their
> business remotely,
> > especially useful for distributed networks with low
> bandwidth or managed
> > services.
> >
> > I only know of 3:
> > Lightning Proxy
> > http://www.tenablesecurity.com/proxy.html
> >
> > Nessus
> > http://www.nessus.org/features.html
> >
> > Retina
> > http://www.eeye.com/html/Products/Retina/index.html
> >
> > Does anyone know of any more, I would suggest that this
> excludes web based
> > scanners like shieldsup etc as they don't resolve the
> bandwidth issue, was
> > the problem with shieldsup (demonstrated at BlackHat Europe
> 2001) ever
> > resolved whereby you could use it to scan anyone you wished??
> >
> > Anyway the list when completed will appear here, though
> it's not on the site
> > navigation yet.
> > http://www.networkintrusion.co.uk/dist.htm
> >
> > Sorry about the amount of posts of late but I have been on
> vacation and
> > therefore have time to read my email.
> >
> > take care
> > -andy
> > Taliskers Network Security Tools http://www.networkintrusion.co.uk
> --------------------------------------------------------------
> --------------
> > Are your vulnerability scans producing just another report? Manage 
> > the entire remediation process with StillSecure VAM's Vulnerability 
> > Repair Workflow. Download a free 15-day trial:
> > http://www2.stillsecure.com/download/sf_vuln_list.html
> --------------------------------------------------------------
> --------------
> > Are your vulnerability scans producing just another report? Manage 
> > the entire remediation process with StillSecure VAM's Vulnerability 
> > Repair Workflow. Download a free 15-day trial:
> > http://www2.stillsecure.com/download/sf_vuln_list.html
>
> --------------------------------------------------------------
> --------------
>
> Are your vulnerability scans producing just another report? Manage the 
> entire remediation process with StillSecure VAM's Vulnerability Repair 
> Workflow. Download a free 15-day trial:
> http://www2.stillsecure.com/download/sf_vuln_list.html
----------------------------------------------------------------------------

Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure 
VAM's Vulnerability Repair Workflow. Download a free 15-day trial: 
http://www2.stillsecure.com/download/sf_vuln_list.html


----------------------------------------------------------------------------

Are your vulnerability scans producing just another report?
Manage the entire remediation process with StillSecure VAM's
Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html