On Wed, 2003-02-05 at 11:05, Simons, Rick wrote: > If someone is drawing up a vulnerability and "costs of fixing this network" > document; am I overlooking associated costs with securing a network using > Nessus? > 1. Accept the risk > 2. Use Nessus to figure out the vulnerabilities
Also consider costs associated (on a large heterogeneous network in any case) with inadvertantly shutting down fragile services (JetDirect cards, Novell FlexIP, etc) from even the more benign plugin selections. Here, at the BI Deaconess Medical Center in Boston, a routine Nessus scan over wide areas of our network space will shut down 10%+ of our services. Not so bad if you're a small home office. Rather bad if you're a financial brokerage house. Potentially *really* bad if the box in question is currently running a lab test on a patient 10 minutes out of an ambulance! Kris
