Home page logo

pen-test logo Penetration Testing mailing list archives

AW: QualysGuard - VA/PT appliance
From: "Engelke, Stephan" <engelke () gmx net>
Date: Wed, 24 Aug 2005 10:03:43 +0200

Hi everyone,

we are using this appliance to conduct vunlerability assessments in LAN environments [it came with the "consultant" 
package we ordered].  Essentially the appliance is a proxy for the scanners places in the Qualys datacenter. It is 
controlled via the web account. All actions are triggered via the internet and all generated data is stored with the 
Qualys-account which initiated the scan.

This data is stored encryptedly and is only accessiblle by the user. The username / password combination is used to 
unlock the key which encrypts the data in the database. If the password is lost, noone - and this includes Qualys 
personell - can gain access to the data. 

What you need to run the applicance is an ip address inside the LAN, a network jack (of course) and access to the 
Internet via port 443.  This port may be proxied, the appliance allows for this.

I have seen this solution deployed in large companies, including banks.  I consider myself pretty paranoid, but the 
security measures I have seen as far as data protection goes, are IMHO sufficient.

Cheers - Stephan 

-----Urspr√ľngliche Nachricht-----
Von: prasanna.mukundan () wipro com [mailto:prasanna.mukundan () wipro com] 
Gesendet: Dienstag, 23. August 2005 07:19
An: pen-test () securityfocus com
Betreff: QualysGuard - VA/PT appliance


We have are evaluating an appliance by Qualys, called 
QualysGuard that purportedly "enables security auditors to 
scope and perform detailed vulnerability assessments anytime, 
anywhere, using nothing more than a Web browser." 
Has anyone used this appliance? If so could you give me your 
feedback on the product?

From what I have seen of it in a couple of days, it seems to 
initiate a scan(for s/w vulnerabilities) from the intranet of 
a network, but sends the data to the internet/qualys server 
(and accessed via qualys'
website), which imo while have the regulators and auditors 
screaming. I would appreciate if anyone could confirm/correct that.


Confidentiality Notice
The information contained in this electronic message and any 
attachments to this message are intended for the exclusive 
use of the addressee(s) and may contain confidential or 
privileged information. If you are not the intended 
recipient, please notify the sender at Wipro or 
Mailadmin () wipro com immediately and destroy all copies of 
this message and any attachments.

Attachment: smime.p7s

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]