Hi I was just wondering if we could co0mpletely phase out the nessus client and move towards a server-only architecture, wherein the server directly runs vulnerability tests on the targets andd the user has some kind of an interface directly with the server.
I know that it allows a remote administrator a lot of freedom.. But i guess a significant amount of overhead would be eliminated, and probably we could concentrate more on the development of nessusd. I dont think most modern organisations run the server and client on different machines anyway. Detached scans are a great thing, but still hog a lot of bandwidth. SSL, is a great thing, but still not 100 percent secure. Maybe we could have an option wherein we could either log on the server, specify the targets and let it attack the tagets, and get the report back on the same machine with no .nessusrc, No SSL between the client and the server and no NTP, or we could use the existing architecture. I know that there are many complex things involved, and this is only an observation. No offence intended Regards Ashutosh ________________________________________________________________________ Yahoo! India Insurance Special: Be informed on the best policies, services, tools and more. Go to: http://in.insurance.yahoo.com/licspecial/index.html _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
