PaulDotCom mailing list archives

Re: Cloud based scanner/attack platform

From: Ron Gula <rgula () tenable com>
Date: Tue, 11 Jun 2013 15:32:31 +0000

I've spoken to a lot of Nessus users that drop their scanners in a rack or
virtual rack some place and are just fine, even though scanning may be
explicitly prohibited by the provider. There are lots of Nessus users who
run their activation code's from Amazon for example, even though Amazon
requires you to get approval for your scans.

Having said that, if you want raw Nessus scanning from the cloud, check
out the Nessus PerimeterService.  We've invested a great deal of resources
in making  sure the scans are fast and aren't limited by bandwidth or filtering.
http://www.tenable.com/products/nessus-perimeter-service

As far a pen testing from the cloud, there is less of an issue with bandwidth
and filtering and more of an issue with will your activity look like a
compromised system.

Ron




From: Christopher Croad <ccroad () syr edu<mailto:ccroad () syr edu>>
Reply-To: PaulDotCom List <pauldotcom () mail pauldotcom com<mailto:pauldotcom () mail pauldotcom com>>
Date: Tuesday, June 11, 2013 10:36 AM
To: PaulDotCom Security Weekly Mailing List <pauldotcom () pdc-mail pauldotcom com<mailto:pauldotcom () pdc-mail 
pauldotcom com>>
Subject: [Pauldotcom] Cloud based scanner/attack platform

Hello,

First time caller, long time listener.

Does anyone have any recommendations for a vendor that would provide a cloud based linux VM that could be used as a 
scanning/attack platform?  We're looking to do assessments on ourselves from an outside perspective as opposed from 
inside our own perimeter.  Our main concerns are that the provider won't shut us down if they see us scanning our own 
network (preferably by agreement rather than by lack of monitoring on their part), and of course, cost.   We'd may also 
use the system to set up mimicked websites for phishing exercises against our staff, so we'd want to be able to stand 
up websites and domain names as well.

Chris C.

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Cloud based scanner/attack platform Christopher Croad (Jun 11)
- Re: Cloud based scanner/attack platform Robin Wood (Jun 11)
- Re: Cloud based scanner/attack platform Frank C (Jun 11)
  - Re: Cloud based scanner/attack platform Chris Keladis (Jun 14)
- Re: Cloud based scanner/attack platform Ron Gula (Jun 11)
- Re: Cloud based scanner/attack platform Jack Daniel (Jun 11)
  - Re: Cloud based scanner/attack platform allison nixon (Jun 11)
    - Re: Cloud based scanner/attack platform Bacon Zombie (Jun 11)
- Re: Cloud based scanner/attack platform Sherif El-Deeb (Jun 11)
  - Re: Cloud based scanner/attack platform allison nixon (Jun 11)
- Re: Cloud based scanner/attack platform Michael Allen (Jun 13)