Hi Peter,
I am using OpenVAS to conduct VA in the environment of a big corporate
network (up to /21 networks) on a regular basis, and so far I have
never witnessed any incidents on the IT world. I'm using default
OpenVAS profile, altough I have also tried the most impactful profiles.
So on IT side; unless you are using very old & unmaintained assets (in
which case, at least your scans will help identify them) this shouldn't
be a concern.
However, on OT world this is significantly different. I have witnessed
several crashes / reboot of OT devices, including recent ones. So I
would be much more careful on this part of your environment.
Best,On Wed, 2018-03-14 at 12:53 -0700, Peter Collins wrote:
> (Sorry if this is a repost. I had a technical issue with my first
> attempt)
>
> I would like to use OSSIM's OpenVAS component to run asset and
> vulnerability scans on both prod and non-prod. Like every place, we
> want to make sure the IT infrastructure is not harmed or jeopardized.
>
> So what is due care when introducing scanning? Should I do the asset
> scans only during maintenance windows to start off, to make sure
> nothing gets broken? Or are the non destructive, non authenticated
> scans considered safe enough to run during production hours, on
> production assets?
>
> I should add that Nessus has been used by an outside contractor
> without issue, on our network.
>
> Thanks so much in advance
>
> Peter
>
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss@wald.intevation.org
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-di
> scuss
_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
