RE: [fw-wiz] commercial va
From: "Ben Nagy" <firstname.lastname@example.org>
To: "'Behm, Jeffrey L.'" <BehmJL@bvsg.com>
Date: Thu, 17 Apr 2003 09:43:12 +0200
> -----Original Message-----
> From: email@example.com
> [mailto:firstname.lastname@example.org] On Behalf
> Of Behm, Jeffrey L.
> Sent: Wednesday, 16 April 2003 8:02 PM
> To: email@example.com
> Do you have any specifics on what got "freaked out?" by

Network infrastructure, particularly (in my case) switches with spanning
tree enabled. I still feel the pain. This was a while ago, yada yada, but
AFAIK it's still a fairly widely held belief. Most people recommend that you
avoid routing your nessus scans around a lot, or scanning your
infrastructure (routers, switches, firewalls) devices too heavily.
Obviously if you don't run in safe mode you have even more potential
problems, but I already assumed that nobody sane would do that on a

I have also "heard" (this is code for "I can't remember where I heard it,
nor can I back it up from my own experience") that some hosts or servers
have had problems with safe nessus scans and crashed anyway.

As for the rest of the thread, I'll shut up now that there has been a decent
discussion - I was terrified that the poster would go and evaluate nothing
but ISS and Cybercop - which is probably not a good plan.

General points that I would like to underline:
- VA can't yet replace a smart security person in terms of turning scan
results into sensible risk management and remediation.
- The whole VA space is still evolving. Event correlation, distributed
scanning, automatic remediation and early attempts at intelligent risk or
threat assessment are already out there from a number of vendors.
- No tool is perfect, and while everyone is working to reduce false
positives and false negatives, writing checks that don't crash things is
actually pretty hard. Don't assume that your tool is giving you the gospel.

> I.E. what in particular should one be concerned
> about? [...]
> Please enlighten me if I am astray.
> At some point, Ben Nagy spewed:
> > You should look at Retina as well. For freeware, Nessus is also cool,
> > but I, personally, would be very careful running it on production
> > networks (we often recommend that people use nessus as a complement to
> > Retina, but it does have a habit of freaking out networks).
firewall-wizards mailing list