> Authenticated scanners are a bad practice (imho) Can you expand on this a bit more? I would be interested to hear your opinion as to why you say this. I think using authenticated scanners is an excellent way to identify:
1. Computers missed by the patch management process. 2. Effectiveness of patch management process. I've seen patch products report to the console that a host is patched; however, the scan proved that a given patch failed to apply. 3. Client software not managed and patched by IT (i.e., iTunes) 4. Mis configurations (i.e., Autorun, no SEHOP, no DEP, etc.). Joe Gatt @gattjoe **********Lots and Lots of OS Updates and vulnerabilities that cant be seen from outside the box, is the risk of flinging around usernames and passwords on the network higher than the risk of not being aware of a vulnerability? I dunno.....I lean towards no personally ________________________________
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
