Hi All:

My apologies for wording the post in the manner done; well, one of the aims of the post was to trigger some technical discussion around the idea that has been proposed. And I am glad Jay has brought up a good point.

I fully agree with Jay that a target system which is not vulnerable can end up being vulnerable without any config changes done in it. This is due to new vulnerabilities publicly discovered. But, I think there would be no need to run a complete scan in such a case. It would be enough to only run those tests pertaining to detecting the new vulnerabilities that are publicly discovered (since a complete scan has been done before, and there are no config changes in the system since the last scan).

regards,
Samir Kelekar
Teknotrends Software
Bangalore
http://www.teknotrends.com

> On Wed, 15 Sep 2004, Samir Kelekar wrote:
>
> > whereby an agent can be deployed on your system (currently only Windows
> > platform is supported). Through a hosted-server model, VA will be
> > conducted via nessus on the target. (Currently, only external IP
> > addresses are scanned). A white paper is also available on the site.
> >
> > The advantage of such an approach is that no vulnerabilities will be
> > missed. Every time events take place (such as new services started) that
> > may change the vulnerability status of the target system, the agent
> > talks to the server which conducts VA on the target to the extent
> > required.
> >
> > Thus, one does not have to run a VA tool at all; everything takes place
> > in an automatic manner, and one will be intimated whenever new
> > vulnerabilities occur.
>
> In respect of Renaud's message on this thread, I have trimmed the quoted
> text to just the content. There is a point I wanted to make about this
> though...
>
> While I can see the value in something like this and it sounds nifty, it
> does NOT negate the need to run a VA tool. It is very common for a system
> to not have any known vulnerabilities today, make absolutely no
> configuration changes, and then be vulnerable tomorrow.
>
> While vulnerabilities often do occur by changes on the target system,
> every day new vulnerabilities are discovered that were not previously
> known. Thus, without changing anything on a target system, it can become
> vulnerable to attack as new exploits are discovered.
>
> Again, a system of automatically launching a VA when a target system
> changes is a good thing. However, it certainly does not negate the need or
> value of doing a VA frequently - regardless of changes (or lack thereof)
> on the target system.
>
> ~Jay
>
> --
> ..
> .. Jay Jacobson
> .. Edgeos, Inc. - 480.961.5996 - http://www.edgeos.com
> ..
> .. Network Security Auditing and
> .. Vulnerability Assessment Managed Services
> ..
> _______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
