RE: Sacha, was => Re: opinions on Vigliante's SecureScanNX for attack/pen work?

From: Sacha Faust (sacha@severus.org)
Date: 12/01/01


From: "Sacha Faust" <sacha@severus.org>
To: "'H Carvey'" <keydet89@yahoo.com>, <pen-test@securityfocus.com>
Subject: RE: Sacha, was => Re: opinions on Vigliante's SecureScanNX for attack/pen work?
Date: Fri, 30 Nov 2001 19:57:22 -0500
Message-ID: <001a01c17a03$23225e30$66d3ca18@kidgnaped>

I found it too intrusive for what we had in mind.
The product requires ePolicy server, sql server, big management console and
required a few open ports to function (people can see a quick discussion
about those ports and trying to understand why they were there in the
pen-test mailing list a few weeks ago see:
http://www.securityfocus.com/cgi-bin/archive.pl?id=101&start=2001-11-27&end=2001-12-03&threads=0&mid=Pine.BSI.4.05L.10110301500400.2673-100000@maxx.mc.net ).
When I started looking for something distributed, I was looking for
something very flexible and light so it could be installed on consultants'
laptops and something that we could deploy in various environments without
problems. I knew that Nessus was a good product (and we were already using
it) but it didn't fit the criteria. When I saw Vigilante, I saw something
interesting and the thing that completely sold me is the fact that in the
agent to management console, the agent is the initiator of the
communication. This little thing makes the big difference and solved most of
the problems I had with other products. You can deploy agents and tell them
to connect to the console and they report back to you, doing so via an
outbound connection. If you set it to connect to port 80, a lot of corporate
firewalls will let the traffic pass so you can have agents inside corporate
networks and you have access to them via a secondary network. The agent is a
simple service on the host so it's not very intrusive.
On the other hand, Distributed Cybercop is a better solution for very
large organizations that already have ePolicy server. The deployment
capabilities of Distributed Cybercop are better than SecureScanNX if you keep
it inside the corporate network.
I know a lot of big firms are looking to cut down on their cost or trying to
cope with the fact that a ton of people are getting laid off so distributed
scanners can help in the process so you can centralize the management.

just my 0.2$

-----Original Message-----
From: H Carvey [mailto:keydet89@yahoo.com]
Sent: Thursday, November 29, 2001 1:30 AM
To: pen-test@securityfocus.com
Subject: Sacha, was => Re: opinions on Vigliante's SecureScanNX for
attack/pen work?

In-Reply-To: <000301c17772$c772c850$66d3ca18@kidgnaped>

> I took a look at Distributed Cybercop but I
> quickly stopped. It is a good product but too
> intrusive and not suited at all
> for the type of work we were looking into

Could you elaborate on what you mean by "too
intrusive"? I think this would be very
instructive for the rest of us.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
