Thanks everyone so far, including the omnipresent Rui. This information is very helpful.
Peter On Thu, Mar 15, 2018 at 4:55 AM, tatooin <tato...@free.fr> wrote: > Hi Peter, > > I am using OpenVAS to conduct VA in the environment of a big corporate > network (up to /21 networks) on a regular basis, and so far I have never > witnessed any incidents on the IT world. I'm using default OpenVAS profile, > altough I have also tried the most impactful profiles. > So on IT side; unless you are using very old & unmaintained assets (in > which case, at least your scans will help identify them) this shouldn't be > a concern. > > However, on OT world this is significantly different. I have witnessed > several crashes / reboot of OT devices, including recent ones. So I would > be much more careful on this part of your environment. > > Best, > > On Wed, 2018-03-14 at 12:53 -0700, Peter Collins wrote: > > (Sorry if this is a repost. I had a technical issue with my first attempt) > > I would like to use OSSIM's OpenVAS component to run asset and > vulnerability scans on both prod and non-prod. Like every place, we want to > make sure the IT infrastructure is not harmed or jeopardized. > > So what is due care when introducing scanning? Should I do the asset scans > only during maintenance windows to start off, to make sure nothing gets > broken? Or are the non destructive, non authenticated scans considered safe > enough to run during production hours, on production assets? > > I should add that Nessus has been used by an outside contractor without > issue, on our network. > > Thanks so much in advance > > Peter > > _______________________________________________ > Openvas-discuss mailing > listOpenvas-discuss@wald.intevation.orghttps://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > >
_______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss