
| Subject: | RE: Effective Location For The Scan |
|---|---|
| Date: | Thu, 20 Apr 2006 14:50:50 -0500 |

So you basically proved that their firewall works.

I have not had good luck with external scanning even if the firewall is
set to give me full access.

The firewall still has to look at every single packet that my system is
sending and decide whether or not to pass it. This introduces latency
in the scan and can severely punish the CPU on the firewall (or the
state table, or session table, or however it tracks connections).

Can you honestly say you believe the Nessus results from the scan that
found "no vulnerabilities"? Would you want to take that result and
publish it in the newspaper? Why don't you ask them that question and
see how they feel about their "no vulnerabilities" scan.

I have trouble with that mentality here, as well. Nobody cares about
whether or not systems are vulnerable, they just care about what a
report says. If I run a scan searching for a single vulnerability and
no system is vulnerable, that does not mean that the systems have "no
vulnerabilities"; it just means that none of the scanned systems were
vulnerable to the specific vulnerability I was scanning for... or that I
don't have the necessary rights on the target systems to determine level
of vulnerability.

So, there are more things to consider than just inside or outside. If
the folks around are willing to cooperate and not be stupid or
boneheaded, then you can figure out the best way.

The fact that you found their "no vulnerabilities" report "suspect" is
probably an understatement on your part. I imagine you almost fell out
of your chair when you read their report. You are smart enough to know
that any sufficiently sized conglomeration of systems will have
vulnerabilities. If they were just trying to test their firewall, then
they were successful. But that wasn't what you were asking for and they
are relying on you to either not care about accuracy or not understand
what they are pulling over on you. Good call on your part.

-Jason

-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of -soundlux-
Sent: Thursday, April 20, 2006 12:05 PM
To: Nessus@list.nessus.org
Subject: Effective Location For The Scan

I was able to introduce an initiative whereby scans are required
on a monthly basis.

Departments were requested to run scans against their critical
servers and send results to the security officer.

There were questions raised as to where the scans should be run
from:

My research indicated that the threat was greatest from
insiders, so my suggested approach was to require that the scans be run
from inside the network (specifically behind the firewall).

Others will argue that the scans should be run from outside the
firewall since the threats are mainly external.

A department that took the last approach (running the scans from
outside the firewall), reported the Nessus scan results with No
vulnerabilities.

I find these results suspect, considering the size of their
network.

My question is, if the scans are run from outside the network,
should the firewall (and other security appliances) be configured in a
particular way as not to distort the scans? At the very least I will
expect that IP traffic from the computer executing the scans should be
allowed on the network.

Advice from this list will be appreciated.

Thanks.