Hi,
True. These are details which should be accounted for. I use aOk, I'd be interested to know more about your model and how you developed it. If the risk rating is lessened to account for "default config not exploitable", how does this hold up when a vul scan demonstrates an exploitable configuration is in use?
ranking model that relates default versus non-default
configurations as part of likelihood (along w/ known or unknown
exploit/POC).
Other ones to think about would be remote versusWise words... it is easy to get carried away on such discussions. So, lets think about what structured information we'd want for each plugin:
local, user account needed versus anonymous/no account, etc. There
will always be vulnerabilities that are hard to describe. This is
not trying to create a taxonomy for vulnerabilities; this is
trying to detail the risks a bit more. A bit more IMO would be
better than what's going on now.
Impact
Confidentiality/Integrity/Availability??
With this, both "server type & version" and "directory traversal" would be "confidentiality", probably not granular enough. And what about SQL injection? It's impractical to tell if this affects integrity without doing a manual audit. Something different probably required.
Class of Attacker 0 (anyone) -> 10 (NSA only)
Difficulty of attack Requires: users to be dumb? (e.g. phishing) user interaction? (e.g. XSS) credentials? many attempts before success? (e.g. brute forcing return address) This one is very hard to get a handle on!
If you don't like Nessus's rating, then roll your
own! That should keep discussions down to better logic :)
Not sure that's particularly constructive, but anyway...
you can put the value in relating the objective issues (likelihoodI think FoundStone has a quantitative/automated way of doing this. Perhaps you could get an eval license to take a look?
= remote; non-default configuration; no known exploit -- produces =
arbitrary access to the root account) to a company's subjective
setup (Low/Medium/High/Whatevr risk because blah blah blah). I
can't think of an automated tool that does that right now, knowing
Regards,
Paul
-- Paul Johnston, GSEC Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: [EMAIL PROTECTED] web: www.westpoint.ltd.uk
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
