At 02:40 PM 8/30/2004 +0530, Samir Kelekar wrote:
Just wanted some feedback from experienced VA experts on this list.
What do people think of agent-based real-time VA using nessus?
Is anyone aware of any activity regarding the above?
Do you think real-time VA is viable?
regards,
Samir Kelekar
Hi Samir,
I'm sure there are plenty of different opinions on this topic,
but the three that I share are this:
- If you can run an agent on a system, such as nessusd, then
you have some sort of credentials which allows you to do this.
Given the choice between a network scan and a host level
assessment (Nessus can do both) I would choose the host
level assessment.
- Since you said 'real-time' along with 'agent-based' I'd like
to point out Tenable's passive vulnerability scanner named
NeVO. It sniff's network traffic and gives you a list of hosts,
ports, who's communication to who and a list of vulnerabilities
in a Nessus .nsr style report. Our research folks at Tenable
write the plugins for Nessus and as we do this, we make sure
to write plugins for NeVO.
- When other folks say 'real-time', in almost all cases, this
corresponds to continuous network scanning. Usually folks
who do this are scanning for new/missing open ports,
new/missing systems or new vulnerabilities. Our Lightning
Console can do this, but we really don't recommend for
people to continuously port scan or ping sweep their networks
and feel that NeVO is a more accurate way to find open ports.
Typically, for scans that occur on a daily or weekly basis, we've
seen people minimize network impact by only scanning ports
less than 1024. This would miss Sasser and many other
backdoors and trojans.
Ron Gula, CTO
Tenable Network Security
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
