At 08:18 PM 9/19/2005, Michael Sierchio wrote:
[stuff deleted]
It would be nice[tm] not to have to perform an asset enumeration
by hand -- this, in practice, isn't even possible. Desktop users
install software all the time, either intentionally or... and
hosts come and go on networks, as do services. So the idea of
continuous scanning to perform the task is very appealing. That's
one possible use of a vulnerability scanner.
Continuous scanning will help you find some things, but won't find:
- new client software
- hosts protected by personal firewalls
- off-port services (you want to do continuous scanning for all 65k ports?)
Most organizations also have portions of their network that are off
limits to scanning. Over-scanning switches, routers, IPSes, etc. can
have an impact on network performance and take out a number of devices.
This is the big reason we wrote NeVO at Tenable. NeVO gives the
same type of data as Nessus, but does it through direct traffic
analysis. All of Lightning's vuln/ids correlation (which it does for
Cisco, TippingPoint, IntruShield, ISS, Snort, Dragon, etc.) makes use
of Nessus as well as NeVO data. It also makes use of any host-based
results from your UNIX or Windows servers if you have credentials.
Ron Gula, CTO
Tenable Network Security
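The point above, that traffic analysis can find off-port services and client software without ever sending a probe, as an added example (not NeVO code and not part of the original post): a small passive inventory built from constructed flow samples, which names a service by the banner it volunteers rather than by its port, and records client software from the client's own first bytes, so a desktop that never answers a scan still shows up.

```python
import re
from collections import defaultdict

# Constructed sample flows: first bytes client->server (c2s) and server->client (s2c).
SAMPLE_FLOWS = [
    {"client": "10.0.0.5", "server": "10.0.0.20", "port": 2222,   # SSH on a non-standard port
     "c2s": b"SSH-2.0-PuTTY_Release_0.58\r\n", "s2c": b"SSH-2.0-OpenSSH_3.9p1\r\n"},
    {"client": "10.0.0.7", "server": "192.0.2.10", "port": 8080,  # desktop behind a personal firewall
     "c2s": b"GET / HTTP/1.1\r\nHost: www.example\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\r\n\r\n",
     "s2c": b"HTTP/1.1 200 OK\r\nServer: Apache/1.3.33\r\n\r\n"},
    {"client": "10.0.0.7", "server": "10.0.0.20", "port": 25,
     "c2s": b"EHLO desk7\r\n", "s2c": b"220 mail.example ESMTP Sendmail 8.13.1\r\n"},
]

SSH_BANNER = re.compile(rb"^SSH-[\d.]+-([^\r\n]+)")      # same shape for client and server
HTTP_SERVER = re.compile(rb"\r\nServer: ([^\r\n]+)")
HTTP_UA = re.compile(rb"\r\nUser-Agent: ([^\r\n]+)")
SMTP_GREETING = re.compile(rb"^220 \S+ ESMTP ([^\r\n]+)")

def identify_server(s2c):
    """Return (protocol, software) from what the server volunteers, ignoring the port."""
    if m := SSH_BANNER.match(s2c):
        return "ssh", m.group(1).decode("ascii", "replace")
    if s2c.startswith(b"HTTP/"):
        m = HTTP_SERVER.search(s2c)
        return "http", m.group(1).decode("ascii", "replace") if m else "unknown"
    if m := SMTP_GREETING.match(s2c):
        return "smtp", m.group(1).decode("ascii", "replace")
    return None

def identify_client(c2s):
    """Return the client software named in the client's own first bytes, if any."""
    if m := SSH_BANNER.match(c2s):
        return m.group(1).decode("ascii", "replace")
    if m := HTTP_UA.search(c2s):
        return m.group(1).decode("ascii", "replace")
    return None

def passive_inventory(flows):
    """Build host -> {services, clients} from observed flows; no probe is ever sent."""
    inv = defaultdict(lambda: {"services": set(), "clients": set()})
    for f in flows:
        inv[f["client"]]  # a host that only ever talks outbound is still recorded
        if svc := identify_server(f["s2c"]):
            inv[f["server"]]["services"].add((svc[0], f["port"], svc[1]))
        if cli := identify_client(f["c2s"]):
            inv[f["client"]]["clients"].add(cli)
    return dict(inv)
```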