I've spoken to a lot of Nessus users that drop their scanners in a rack or virtual rack some place and are just fine, even though scanning may be explicitly prohibited by the provider. There are lots of Nessus users who run their activation codes from Amazon, for example, even though Amazon requires you to get approval for your scans.
Having said that, if you want raw Nessus scanning from the cloud, check out the Nessus Perimeter Service. We've invested a great deal of resources in making sure the scans are fast and aren't limited by bandwidth or filtering.

http://www.tenable.com/products/nessus-perimeter-service

As far as pen testing from the cloud, there is less of an issue with bandwidth and filtering and more of an issue with whether your activity will look like a compromised system.

Ron

From: Christopher Croad <[email protected]>
Reply-To: PaulDotCom List <[email protected]>
Date: Tuesday, June 11, 2013 10:36 AM
To: PaulDotCom Security Weekly Mailing List <[email protected]>
Subject: [Pauldotcom] Cloud based scanner/attack platform

Hello,

First time caller, long time listener.

Does anyone have any recommendations for a vendor that would provide a cloud based Linux VM that could be used as a scanning/attack platform? We're looking to do assessments on ourselves from an outside perspective as opposed to from inside our own perimeter.

Our main concerns are that the provider won't shut us down if they see us scanning our own network (preferably by agreement rather than by lack of monitoring on their part), and of course, cost.

We may also use the system to set up mimicked websites for phishing exercises against our staff, so we'd want to be able to stand up websites and domain names as well.

Chris C.
