On Wed, 15 Sep 2004, Samir Kelekar wrote:
> whereby an agent can be deployed on your system (currently only the Windows platform is supported). Through a hosted-server model, VA will be conducted via nessus on the target. (Currently, only external IP addresses are scanned). A white paper is also available on the site.
> The advantage of such an approach is that no vulnerabilities will be missed. Every time events take place (such as new services started) that may change the vulnerability status of the target system, the agent talks to the server which conducts VA on the target to the extent required.
> Thus, one does not have to run a VA tool at all; everything takes place in an automatic manner, and one will be intimated whenever new vulnerabilities occur.
In respect of Renaud's message on this thread, I have trimmed the quoted text to just the content. There is a point I wanted to make about this though...
While I can see the value in something like this and it sounds nifty, it does NOT negate the need to run a VA tool. It is very common for a system to not have any known vulnerabilities today, make absolutely no configuration changes, and then be vulnerable tomorrow.
While vulnerabilities often do occur by changes on the target system, every day new vulnerabilities are discovered that were not previously known. Thus, without changing anything on a target system, it can become vulnerable to attack as new exploits are discovered.
Again, a system of automatically launching a VA when a target system changes is a good thing. However, it certainly does not negate the need or value of doing a VA frequently - regardless of changes (or lack thereof) on the target system.
~Jay
--
Jay Jacobson
Edgeos, Inc. - 480.961.5996 - http://www.edgeos.com
Network Security Auditing and Vulnerability Assessment Managed Services
_______________________________________________
Nessus mailing list
http://mail.nessus.org/mailman/listinfo/nessus
