At 03:58 PM 8/17/2004 +0200, Michel Arboi wrote:
On Tue Aug 17 2004 at 15:12, Hugo van der Kooij wrote:
> If your scan kills anything then you have a problem and the problem is NOT
> called nessus. It is the machine that is not resilient enough and not
> shielded enough that is your problem.
I agree at 90% (I love to code DoS plugins :) but the situation is not
so simple:
1. As far as I know, on a civil point of vue, you are responsible if
you destroy something, unless you warned your customer of _all_
risks. You cannot just say "I am responsible for nothing, whatever
happens, please sign here". Such a contract is void.
This is at least the situation in France, and I suppose that this is
true in many other countries.
2. Suppose you have a banking application that transfers billions of
dollars every day. You don't want to break it, because every minute
costs. The easy solution is to avoid it (don't scan, don't even look
at it!) but on the way you prefer to find a flaw before the bad guys.
Maybe there is an identical test machine: you can play with it. Or
maybe not. Or maybe the test machine is the backup machine, and it
should remain available "just in case"...
Given the number of questions we've seen on and off of this list regarding
active scanning vs. host-based checks, the following paper may be of
interest:
http://www.tenablesecurity.com/white_papers/blended_security_checks.pdf
Be forewarned, this is a marketing doc for Tenable and our Lightning/NeVO
products, but it accurately describes the major differences and advantages
between host-based, networking and passive analysis.
Ron Gula, CTO
Tenable Network Security
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
