Re: Nessus Reporting frontend options - scan management



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have experience with it. We used to run the Lightning app, and most recently
(about 9 months ago) tested the Nessus Security Center. Granted, this was
before they started charging corporate customers to use Nessus, which we no
longer use.

I was fairly disappointed with it. It will provide you with pretty graphs,
more information than you need, etc. It was fairly expensive at the time, in
the price range of over 15k. If you have a lot of Nessus scanners, say in an
ISP environment where you want to run one for each data center that's more
local, I can see how it's a nice way to consolidate, assuming you pay for
Tenable's new *pricing model/feed model*.

What was a deal killer for me and the reason for not moving forward is, when you
buy it, it comes with support. That support only includes running it on
Red Hat Linux. If you're a Debian/Ubuntu shop, now you need to manage a solo RPM
management box. They won't even talk to you if you run it on anything
non-Red Hat, so you're paying for support if you need it, but you won't get it.
Also I noticed some funky issues. At the time, it would work only with
OpenSSL 0.9.7 when I was testing it. After doing a normal update to OpenSSL
0.9.8, it broke the app.

It ended up being a lot of work just to perform testing, and using rpm2tgz
and trying to build it on Debian didn't work out well.

They will give you a trial if you want to test, just be aware unless they
have changed over the past 9 months, you will be stuck running a Red Hat box,
and any normal upgrades might potentially break the app, but I guess their
support could work through issues. Seemed a bit odd to us for a security app
to not support the newest OpenSSL.

To be honest, I don't even bother with Nessus anymore, as it produces too
many results. Scheduling scans can be done via nmap. Use the -oM option and pipe
the output through amap to recognize what's actually running on a port. Newer
nmaps have ndiff so you can do delta reports... it's fast, simple, easy, and
free. Keep up with infosec vulns using standard means, i.e. vendor mailing
lists, bugtraq/fd/whatever rather than waiting for an app to tell you. Use
Google APIs to just generate reports based off nmap/amap output. You can do
charts, graphics, you name it. We do it for weekly phishing reports pulled
from phishtank.com, then use the Google API to automatically mail out pretty PDF
reports. It's fairly simple and the cost/time is much less than a 20k app
that is debatable at best.

The Tenable trial goes for 30 days, just be aware they will call you weekly
for years to come to see if 'you're ready to move forward'...


Daniel I. Didier <ddidier@xxxxxxxxxxxxxxx> wrote [05.05.09]:
Jeff,
Do you have experience with Tenable Security Center? If so, what is
your impression?

Thanks,
Dan

-----Original Message-----
From: Jeff Stebelton [mailto:jeff.stebelton@xxxxxxxxx]
Sent: Tuesday, May 05, 2009 7:01 PM
To: Daniel I. Didier; security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Nessus Reporting frontend options - scan management

Tenable Security Center does all that...

On 5/5/09, Daniel I. Didier <ddidier@xxxxxxxxxxxxxxx> wrote:
Hello,
I am looking for input on available Nessus scan management solutions. I
have used inprotect in the past and have been generally pleased with its
capabilities but it seems to lack development. I am also aware of
autonessus which has similar functions. I am curious what other options
exist.

The primary requirements are the ability to schedule scans and compare
results; new, mitigated, and existing vulnerabilities and produce useful
reports. Also, the ability to mark a finding as a false positive or
acceptable risk is needed. Any input and experience is appreciated.

Dan


------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises,
Certified Ethical Hacker and Certified Penetration Tester exams, taught by
an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html

------------------------------------------------------------------------



--
Sent from my mobile device

Jeff Stebelton, GCFW GCIA GCIH CEH ESSE



- --

Mike Acker, GIAC
Information Security Analysis
Internap Network Services, Inc.
(c) 206.226.9727


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iEYEARECAAYFAkoC5D8ACgkQBFfbgm5FXkWi6wCeIecdC/SJHV0jib+7hT3HZT3c
v3MAnjJmG7/vfN4TAEDVV2eCv975AQE3
=DXxH
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
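The nmap-based workflow described in the reply above (scheduled scans, delta reports with ndiff) and the requirements in the original question (new, mitigated and existing findings, with a way to mark a finding as accepted risk) can be illustrated with a small script. The following is an added example and is not code from the thread, from nmap or from ndiff: it does for nmap's greppable output (`-oG`, the newer name for the `-oM` format mentioned in the post) what ndiff does for XML output, classifying each open (host, port, protocol) as new, closed or existing between a baseline scan and a current scan, flagging service version changes, and letting reviewed findings be suppressed. The two scan files embedded in the block are constructed samples on RFC 5737 TEST-NET addresses, not real hosts; the `accepted` set and the bucket names are this example's own design, not an nmap feature.

```python
"""Delta report between two nmap greppable (-oG, formerly -oM) scan files.

Added example for this thread, not code from the post or from nmap/ndiff.
It classifies each open (host, port, proto) as new, closed or existing
between a baseline and a current scan, flags version changes, and lets
accepted-risk findings be reported separately.  Both scans below are
constructed samples on RFC 5737 TEST-NET addresses, not real hosts.
"""
import sys
from dataclasses import dataclass

BASELINE = """\
# Nmap 7.93 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sV -oG baseline.gnmap 192.0.2.0/28
Host: 192.0.2.10 (web01.example.test)\tStatus: Up
Host: 192.0.2.10 (web01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/, 443/open/tcp//http//nginx 1.18/\tIgnored State: closed (997)
Host: 192.0.2.11 (db01.example.test)\tStatus: Up
Host: 192.0.2.11 (db01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 5432/open/tcp//postgresql//PostgreSQL 14/\tIgnored State: closed (998)
# Nmap done at Mon Jan  1 00:05:00 2024 -- 16 IP addresses (2 hosts up) scanned in 300.00 seconds
"""

CURRENT = """\
# Nmap 7.93 scan initiated Mon Jan  8 00:00:00 2024 as: nmap -sV -oG current.gnmap 192.0.2.0/28
Host: 192.0.2.10 (web01.example.test)\tStatus: Up
Host: 192.0.2.10 (web01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 443/open/tcp//http//nginx 1.18/, 8080/open/tcp//http-proxy//Jetty 9.4/\tIgnored State: closed (997)
Host: 192.0.2.11 (db01.example.test)\tStatus: Up
Host: 192.0.2.11 (db01.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 9.6/, 5432/open/tcp//postgresql//PostgreSQL 14/, 3306/filtered/tcp//mysql///\tIgnored State: closed (997)
Host: 192.0.2.12 ()\tStatus: Up
Host: 192.0.2.12 ()\tPorts: 23/open/tcp//telnet///\tIgnored State: closed (999)
# Nmap done at Mon Jan  8 00:05:00 2024 -- 16 IP addresses (3 hosts up) scanned in 300.00 seconds
"""


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    name: str
    version: str


def parse_gnmap(text):
    """Return {(host, port, proto): Service} for every *open* port in a -oG file.

    Host lines are tab-separated "Key: value" fields; the Ports field is a
    comma-separated list of port/state/proto/owner/service/rpc/version/ entries.
    Filtered and closed ports are ignored, as they are not exposed services.
    """
    found = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines ("# Nmap ...") and blanks
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue  # "Status: Up" line without port data
        host = fields["Host"].split()[0]  # drop the "(hostname)" part
        for entry in fields["Ports"].split(", "):
            parts = entry.split("/")
            if len(parts) < 7:
                continue  # malformed entry; skip rather than crash the report
            port, state, proto, _owner, name, _rpc, version = parts[:7]
            if state == "open":
                found[(host, int(port), proto)] = Service(host, int(port), proto, name, version)
    return found


def delta(baseline_text, current_text, accepted=frozenset()):
    """Compare two -oG scans.  `accepted` holds (host, port, proto) keys that a
    reviewer marked as acceptable risk; they are listed under "accepted"
    instead of surfacing again as new or existing findings."""
    base = parse_gnmap(baseline_text)
    cur = parse_gnmap(current_text)

    def pick(cond):
        return sorted(k for k in set(base) | set(cur) if cond(k))

    return {
        "new": pick(lambda k: k in cur and k not in base and k not in accepted),
        "closed": pick(lambda k: k in base and k not in cur),
        "changed": pick(lambda k: k in base and k in cur and base[k].version != cur[k].version),
        "existing": pick(lambda k: k in base and k in cur and k not in accepted),
        "accepted": pick(lambda k: k in cur and k in accepted),
    }


def render(report, current_text):
    """Plain-text report, one section per bucket, with the current service detail."""
    cur = parse_gnmap(current_text)
    lines = []
    for bucket in ("new", "closed", "changed", "existing", "accepted"):
        lines.append(f"== {bucket} ({len(report[bucket])}) ==")
        for host, port, proto in report[bucket]:
            svc = cur.get((host, port, proto))
            detail = f"{svc.name} {svc.version}".strip() if svc else "(no longer open)"
            lines.append(f"  {host}:{port}/{proto}  {detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python gnmap_delta.py baseline.gnmap current.gnmap
    # With no arguments the constructed samples above are compared.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            base_text, cur_text = f1.read(), f2.read()
    else:
        base_text, cur_text = BASELINE, CURRENT
    print(render(delta(base_text, cur_text), cur_text))
```

Run from cron after each scheduled `nmap -sV -oG` scan and mail the output; the "closed" bucket is the mitigated list the original question asked for, "new" is what needs triage, and keys added to `accepted` after review drop out of the noise on every later run. The `-oG` format is stable but has fewer fields than XML, so if you want script output or OS detection in the diff, feed the `-oX` files to ndiff instead.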


