
Re: "Real-time" vulnerability assessment: a product for concept review

Date: Thu, 16 Sep 2004 12:54:13 +0530
Hi All:
My apologies for wording the post in the manner done; well, one of the aims
of the post was to trigger some technical discussion around the idea that
has been proposed.
And I am glad Jay has brought up a good point.

I fully agree with Jay that a target system which is not vulnerable can end
up being vulnerable without any config changes done in it. This is due to new
vulnerabilities publicly discovered.
But, I think there would be no need to run a complete scan in such a case.
It would be enough to only run those tests pertaining to detecting the new
vulnerabilities that are publicly discovered (since a complete scan has been
done before, and there are no config changes in the system since the last
scan.)

regards,
Samir Kelekar
Teknotrends Software
Bangalore
http://www.teknotrends.com


On Wed, 15 Sep 2004, Samir Kelekar wrote:

whereby an agent can be deployed on your system (currently only Windows
platform is supported). Through a hosted-server model, VA will be
conducted via nessus on the target. (Currently, only external IP
addresses are scanned). A white paper is also available on the site.

The advantage of such an approach is that no vulnerabilities will be
missed. Every time events take place (such as new services started) that
may change the vulnerability status of the target system, the agent
talks to the server which conducts VA on the target to the extent
required.

Thus, one does not have to run a VA tool at all; everything takes place
in an automatic manner, and one will be intimated whenever new
vulnerabilities occur.


In respect of Renaud's message on this thread, I have trimmed the quoted
text to just the content. There is a point I wanted to make about this
though...

While I can see the value in something like this and it sounds nifty, it
does NOT negate the need to run a VA tool. It is very common for a system
to not have any known vulnerabilities today, make absolutely no
configuration changes, and then be vulnerable tomorrow.

While vulnerabilities often do occur by changes on the target system,
every day new vulnerabilities are discovered that were not previously
known. Thus, without changing anything on a target system, it can become
vulnerable to attack as new exploits are discovered.

Again, a system of automatically launching a VA when a target system
changes is a good thing. However, it certainly does not negate the need or
value of doing a VA frequently - regardless of changes (or lack thereof)
on the target system.

~Jay

-- 
..
..  Jay Jacobson
..  Edgeos, Inc. - 480.961.5996 - http://www.edgeos.com
..
..  Network Security Auditing and
..  Vulnerability Assessment Managed Services
..


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
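
The two positions in this thread (rescan when the agent reports a change, and run only newly published checks when nothing has changed) can be combined in one scan planner. The sketch below is an added example, not code from either poster or from Nessus; the plugin IDs, service names, feed sequence numbers and the one-service-per-check mapping are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Plugin:
    plugin_id: int   # constructed ID, not a real Nessus plugin number
    service: str     # service the check applies to (assumed one per check)
    published: int   # feed sequence number at which the check was released

@dataclass(frozen=True)
class HostState:
    services: frozenset  # services present at the last scan
    feed_seq: int        # newest feed sequence that scan covered

# Constructed sample feed: two checks on day 1, three more released later.
FEED = [
    Plugin(1001, "http", 1), Plugin(1002, "smb", 1),
    Plugin(1003, "http", 2), Plugin(1004, "ftp", 2), Plugin(1005, "smb", 3),
]

def plan_scan(feed, state, current_services):
    """Return the sorted plugin IDs that must run against one host."""
    current = frozenset(current_services)
    if state is None:
        # Never scanned: full baseline over everything that applies.
        return sorted(p.plugin_id for p in feed if p.service in current)
    added = current - state.services  # change reported by the agent
    todo = set()
    for p in feed:
        if p.service not in current:
            continue                   # check does not apply to this host
        if p.service in added:
            todo.add(p.plugin_id)      # new service: run all of its checks
        elif p.published > state.feed_seq:
            todo.add(p.plugin_id)      # unchanged service: new checks only
    return sorted(todo)

def record_scan(feed, current_services):
    """State to store after a scan completes."""
    return HostState(frozenset(current_services),
                     max(p.published for p in feed))

if __name__ == "__main__":
    state = record_scan(FEED[:2], {"http", "smb"})
    print(plan_scan(FEED, state, {"http", "smb"}))         # no config change
    print(plan_scan(FEED, state, {"http", "smb", "ftp"}))  # ftp was started
```

The planner returns work for an unchanged host whenever the feed has moved on, so it has to be run on every feed update as well as on every agent event.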
