
Re: "Real-time" vulnerability assessment: a product for concept review

Subject: Re: "Real-time" vulnerability assessment: a product for concept review
Date: Wed, 15 Sep 2004 12:25:00 -0700 (MST)
On Wed, 15 Sep 2004, Samir Kelekar wrote:

> whereby an agent can be deployed on your system (currently only Windows platform is supported). Through a hosted-server model, VA will be conducted via nessus on the target. (Currently, only external IP addresses are scanned). A white paper is also available on the site.
>
> The advantage of such an approach is that no vulnerabilities will be missed. Every time events take place (such as new services started) that may change the vulnerability status of the target system, the agent talks to the server which conducts VA on the target to the extent required.
>
> Thus, one does not have to run a VA tool at all; everything takes place in an automatic manner, and one will be intimated whenever new vulnerabilities occur.


In respect of Renaud's message on this thread, I have trimmed the quoted text to just the content. There is a point I wanted to make about this though...

While I can see the value in something like this and it sounds nifty, it does NOT negate the need to run a VA tool. It is very common for a system to not have any known vulnerabilities today, make absolutely no configuration changes, and then be vulnerable tomorrow.

While vulnerabilities often do occur by changes on the target system, every day new vulnerabilities are discovered that were not previously known. Thus, without changing anything on a target system, it can become vulnerable to attack as new exploits are discovered.

Again, a system of automatically launching a VA when a target system changes is a good thing. However, it certainly does not negate the need or value of doing a VA frequently - regardless of changes (or lack thereof) on the target system.

~Jay

--
..
..  Jay Jacobson
..  Edgeos, Inc. - 480.961.5996 - http://www.edgeos.com
..
..  Network Security Auditing and
..  Vulnerability Assessment Managed Services
..

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
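
The point made in the reply above, worked through as an added example that is not part of the original thread or of any product mentioned in it: a rescan scheduler compared under three trigger policies on a constructed timeline. All names (`Host`, `rescan_reasons`, `detection_day`, the policy labels) and the 7-day maximum age are assumptions made for illustration; time is counted in whole days, and a scan run on the day new checks are published is assumed to include them.

```python
from dataclasses import dataclass

@dataclass
class Host:
    last_scan: int = 0    # day of the last completed scan
    last_change: int = 0  # day of the last agent-reported change (e.g. new service)

def rescan_reasons(host, today, feed_updated, max_age=7):
    """Return every reason a rescan of this host is due today."""
    reasons = set()
    if host.last_change > host.last_scan:
        reasons.add("host-change")   # event-driven trigger from the agent
    if feed_updated > host.last_scan:
        reasons.add("new-checks")    # checks published since the last scan
    if today - host.last_scan >= max_age:
        reasons.add("max-age")       # periodic safety net
    return reasons

# Hypothetical policies: which of the reasons above are allowed to start a scan.
POLICIES = {
    "change-only": {"host-change"},
    "periodic-only": {"max-age"},
    "combined": {"host-change", "new-checks", "max-age"},
}

def detection_day(policy, change_days, feed_days, check_day, horizon=30):
    """First day a scan runs on or after check_day, or None within the horizon."""
    host, feed_updated = Host(), 0
    for day in range(1, horizon + 1):
        if day in change_days:
            host.last_change = day
        if day in feed_days:
            feed_updated = day
        if rescan_reasons(host, day, feed_updated) & POLICIES[policy]:
            host.last_scan = day
            if day >= check_day:
                return day
    return None

if __name__ == "__main__":
    # Constructed timeline: the host changes on day 3; a check for a newly
    # disclosed flaw affecting the (unchanged) host is published on day 10.
    for name in POLICIES:
        print(name, detection_day(name, {3}, {10}, check_day=10))
```

On this timeline the change-only policy never rescans after day 3, so the flaw disclosed on day 10 goes unreported for the rest of the 30-day horizon, while the periodic-only policy reports it on day 14 and the combined policy on day 10.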
