Re: Why eEye Retina (was MBSA scanner)

From: Rainer Duffner (rainer_at_ultra-secure.de)
Date: 07/14/04

  • Next message: Simon Shanks: "Webstretch - open source web penetration toolkit"
    Date: Wed, 14 Jul 2004 23:23:46 +0400
    To: theone81@rambler.ru
    
    

    Doty, Stephen (BearingPoint) wrote:

    >How does something like CA's eTrust Vulnerability Manager product compare -
    >so that continual scanning is not required using ISS, Nessus, Retina, etc ?
    >
    >
    >

    How does this thing work then ?

    I mean, NeVO uses passive scanning, and Nessus-scanning, but this "thing" ?

    Oh, I see:

    "Q: How does eTrust Vulnerability Manager detect vulnerabilities? "
    "A: eTrust Vulnerability Manager uses non-intrusive methods to detect
    vulnerabilities on an asset through a two-step process. Step one is the
    identification of technologies running on an asset. This may be
    accomplished through manual input or automatically by eTrust"
    Vulnerability Manager Service, which identifies the version, patch and
    hot fix level of technologies running on an asset. This information is
    then correlated with CA s security database to identify the
    vulnerabilities that apply to the asset."

    Can anyone, who runs this, comment on wether this leads to lots of false
    positives/false negatives ?
    Does it need an agent ?

    And, to be honest, I can't stand "appliances" with specs like that:

    "eTrust Vulnerability Manager is an appliance-based solution that runs
    on Windows 2000 Server Platform and can be accessed by Internet Explorer
    5.0 and higher. "

    A 'security-appliance' with the most bug-ridden, most-exploited OS on
    the planet, to be used with the most bug-ridden, most-exploited
    application running on top of it ?
    And:

    "In addition, eTrust Vulnerability Manager Service supports: " IBM AIX "
    HP-UX " Red Hat Linux " Sun Solaris " Windows NT/2000/XP/Server 2003"

    Does that mean it only detects vulnerabilities on those OSs ?
    What about all the other stuff that floats around ? The printer that
    runs some form of embedded Linux with a vulnerable Apache ?

    Rainer

    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------


  • Next message: Simon Shanks: "Webstretch - open source web penetration toolkit"

    Relevant Pages

    • Re: Why eEye Retina (was MBSA scanner)
      ... >so that continual scanning is not required using ISS, Nessus, Retina, etc? ... How does eTrust Vulnerability Manager detect vulnerabilities? ... vulnerabilities on an asset through a two-step process. ...
      (Pen-Test)
    • RE: Why eEye Retina (was MBSA scanner)
      ... CA's eTrust Vulnerability Manager is not a good product. ... scanner, run it periodically, and patch what it tells them to patch. ... Security Agent. ... How does eTrust Vulnerability Manager detect vulnerabilities? ...
      (Pen-Test)