We have both ISS and Nessus running scans here almost daily. ISS is used for monthly metrics and testing hosts to approve or deny firewall rule additions to those hosts because it is the Agency approved scanner.

However, Nessus is the one we use to find and fix vulnerable machines.

I prefer Nessus to SiteProtector because 1) I think it's easier to use; 2) I think the reports provide the information in a better format; 3) It's open source, so it has a much better price...; 4) When I have a problem or question, I can email this list and get an answer fairly quickly. The community and developer support here separates Nessus from ISS tremendously, in my opinion.

Right now, we use Nessus with Inprotect so that the results of all scans go into a MySQL database (the CVS version of Nessus includes this without needing any other program), for which we have written our own Perl-based reporting that is used by IT Security and Management to track and deal with vulnerable machines. Using ODBC, we are able to include the ISS results in the reports alongside the Nessus results.

As for whether or not one is better than the other... I would have to say, based on a few side-by-side tests we have run, that Nessus has provided better information each time. Sometimes it is as simple as Nessus detecting things ISS did not. There have been times running scans for MS03-026 and 039 that SiteProtector gave up and said it couldn't tell if a system was vulnerable when Nessus accurately reported that it was.

Also, the documentation I have on the ISS software lists putting your scanning servers on your domain as one of the first steps. That implies to me that it is designed to work on a domain where it would have at least user level access to all the machines. We don't have that here. That may handicap the application some.

These are just my experiences with the two programs, but I would take Nessus over SiteProtector any day...

Carlton Foster
IT Security
NASA Langley Research Center


At 02:33 PM 12/23/2003 -0700, David Kyle Sayre wrote:
Hello all,

We have been using ISS Internet Scanner and Nessus (among other tools), and we would like to start combining, and where appropriate, moving tests from Internet Scanner to Nessus. We have a large Internet Scanner policy, and instead of going through it by hand, I was wondering if anyone had a good correlation of Internet Scanner and Nessus reports? I tried using the CVEs, but that only gets us so far; we still have over 300 tests to try and correlate, and the CVEs do not map to X-Force numbers (and Internet Scanner tests) very well.

Also I was looking for a good vulnerability scanner comparison to show to manager types. Most of our managers are for the move to nessus, but some are still reluctant, and I would like to put as many nails in ISS's coffin as possible.

Thanks,
David Sayre
Los Alamos National Labs

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
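Both messages above touch the same practical problem: David wants to correlate Internet Scanner checks with Nessus plugins via CVE, and Carlton's Perl reporting joins ISS and Nessus results in one database. The Python below is an added example written for this page, not code from either poster, Inprotect, ISS or Nessus. It joins the two catalogs on CVE IDs and reports what a CVE join cannot resolve: ISS checks with no Nessus counterpart, checks that match more than one plugin (the many-to-one case David ran into), and Nessus plugins no ISS check covers. The plugin IDs, X-Force-style check IDs, check names and the CVE-2003-9999 entry are constructed placeholders; only the CVE IDs for MS03-026 (CVE-2003-0352) and MS03-039 (CVE-2003-0528, -0605, -0715) are real.

```python
"""Correlate ISS Internet Scanner checks with Nessus plugins via shared CVE IDs.

Added example for this thread. All catalog data below is constructed: the
plugin numbers, the 'xf-*' check IDs and the names are placeholders, and
CVE-2003-9999 is a deliberately fake ID used to show an unmapped check.
"""
from collections import defaultdict

# Constructed Nessus catalog: plugin id -> (name, list of CVE IDs).
NESSUS_PLUGINS = {
    11808: ("MS03-026 RPC DCOM overflow (placeholder id)", ["CVE-2003-0352"]),
    11835: ("MS03-039 RPCSS overflows (placeholder id)",
            ["CVE-2003-0528", "CVE-2003-0605", "CVE-2003-0715"]),
    90001: ("Hypothetical second RPCSS check", ["CVE-2003-0528"]),
    90002: ("Hypothetical banner-only check, no CVE", []),
}

# Constructed ISS catalog: check id -> (name, list of CVE IDs).
# Lower-case CVE on xf-C mimics the inconsistent casing seen in exports.
ISS_CHECKS = {
    "xf-A": ("Hypothetical DCOM check", ["CVE-2003-0352"]),
    "xf-B": ("Hypothetical RPCSS check", ["CVE-2003-0715"]),
    "xf-C": ("Hypothetical RPCSS check 2", ["cve-2003-0528"]),
    "xf-D": ("Hypothetical ISS-only check", ["CVE-2003-9999"]),  # fake CVE
    "xf-E": ("Hypothetical check without CVE", []),
}


def index_by_cve(catalog):
    """Invert {test_id: (name, cves)} into {CVE: set(test_ids)}, normalising case."""
    idx = defaultdict(set)
    for test_id, (_name, cves) in catalog.items():
        for cve in cves:
            idx[cve.upper()].add(test_id)
    return idx


def correlate(iss, nessus):
    """Map each ISS check to the Nessus plugins sharing at least one CVE.

    Returns (mapping, unmapped, ambiguous):
      mapping   - iss_id -> sorted list of matching Nessus plugin ids
      unmapped  - ISS checks with no CVE match (including checks with no CVE)
      ambiguous - ISS checks matching more than one plugin; review by hand
    """
    nessus_idx = index_by_cve(nessus)
    mapping, unmapped, ambiguous = {}, [], []
    for iss_id, (_name, cves) in iss.items():
        hits = set()
        for cve in cves:
            hits |= nessus_idx.get(cve.upper(), set())
        if not hits:
            unmapped.append(iss_id)
            continue
        mapping[iss_id] = sorted(hits)
        if len(hits) > 1:
            ambiguous.append(iss_id)
    return mapping, sorted(unmapped), sorted(ambiguous)


def nessus_only(nessus, iss):
    """Nessus plugins whose CVEs (if any) are covered by no ISS check."""
    iss_idx = index_by_cve(iss)
    gap = []
    for plugin_id, (_name, cves) in nessus.items():
        if not any(cve.upper() in iss_idx for cve in cves):
            gap.append(plugin_id)
    return sorted(gap)


def report(iss, nessus):
    """Plain-text summary of the correlation, one line per finding."""
    mapping, unmapped, ambiguous = correlate(iss, nessus)
    lines = [f"{iss_id} -> Nessus {mapping[iss_id]}" for iss_id in sorted(mapping)]
    lines += [f"{iss_id} UNMAPPED (no CVE match; correlate manually)" for iss_id in unmapped]
    lines += [f"{iss_id} AMBIGUOUS (multiple plugins; pick by hand)" for iss_id in ambiguous]
    lines += [f"Nessus {pid} has no ISS counterpart" for pid in nessus_only(nessus, iss)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(ISS_CHECKS, NESSUS_PLUGINS)))
```

The CVE join only resolves the checks it can prove equivalent; everything in the unmapped and ambiguous lists still needs a human, which is exactly the residue David describes. In a real run the two catalogs would be loaded from the scanners' exports (or, in Carlton's setup, from the MySQL tables), but the join logic is unchanged.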
