Re: [fw-wiz] commercial va
From: Gary Flynn (flynngn@jmu.edu)
Date: 04/16/03
- Previous message: Steven M. Bellovin: "Re: [fw-wiz] ICMP destination unreachable messages"
- In reply to: Andy Cuff [Talisker]: "Re: [fw-wiz] commercial va"
- Next in thread: Mark Teicher: "Re: [fw-wiz] commercial va"
From: Gary Flynn <flynngn@jmu.edu>
To: "Andy Cuff [Talisker]" <talisker@networkintrusion.co.uk>
Date: Wed, 16 Apr 2003 17:41:04 -0400

Andy Cuff [Talisker] wrote:
> Hi Simon
> I did hear that ISS Internet Scanner doesn't scan where the host is
> unresponsive to pings, I haven't used the tool to verify this, but I'm sure
> I'll be flamed if it's not correct.

It is a configurable option.

I tested about six vulnerability scanners two or three years
ago and picked the best one at that time for our purposes.
There was a clear winner at that time. I don't think it would
be as clear cut now but that is water under the bridge.

I would highly suggest getting evaluation versions of the
scanners you would like to try and test them on a production
network. In fact, I'd go so far as to say any complex security
device, whether it be a firewall, IDS, or scanner should be
evaluated by the people that are going to use it in the
environment they will use it in. Magazines and other people's
tests are fine starting points but these devices are too
complex and policies and networks too esoteric to find a good
match without in-house testing IMHO. And I've found that quite
often, testing concentrates on things that turn out to be
relatively unimportant in day to day use.

On another note, yes you can run multiple vulnerability scanners
and correlate data to decrease the false positives and false
negatives. However, there is a point of diminishing returns
beyond which effort that would go to integrating a bunch of
never 100% network detections should go into system hardening,
configuration management, and education instead....unless you
have unlimited personnel resources. :)

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards