I've recently been in touch with Qualys.
What you state is correct for the contractor's license. The actual scan engine
is located at Qualys. Even if you are conducting testing from an internal
network. The appliance simply serves as a proxy for the Qualys remote engine.
Cheers,
Ozan
______________________________
Ozan Gonenc, B.Sc, ITIL, GCIH
Senior IT Security Consultant
AEPOS Technologies Corporation
200-200 Rue Montcalm
Gatineau, Quebec J8Y 3B5
(819) 772-8522 (W)
(819) 772-0449 (F)
http://www.aepos.com
-----Original Message-----
From: prasanna.mukundan@wipro.com [mailto:prasanna.mukundan@wipro.com]
Sent: August 23, 2005 01:19
To: pen-test@securityfocus.com
Subject: QualysGuard - VA/PT appliance
http://www.qualys.com/products/qgcons/
We have are evaluating an appliance by Qualys, called QualysGuard that
purportedly "enables security auditors to scope and perform detailed
vulnerability assessments anytime, anywhere, using nothing more than a
Web browser."
Has anyone used this appliance? If so could you give me your feedback on
the product?
From what I have seen of it in a couple of days, it seems to initiate a
scan(for s/w vulnerabilities) from the intranet of a network, but sends
the data to the internet/qualys server (and accessed via qualys'
website), which imo while have the regulators and auditors screaming. I
would appreciate if anyone could confirm/correct that.
Thanks,
Prasanna
Confidentiality Notice
The information contained in this electronic message and any attachments to
this message are intended
for the exclusive use of the addressee(s) and may contain confidential or
privileged information. If
you are not the intended recipient, please notify the sender at Wipro or
Mailadmin@wipro.com immediately
and destroy all copies of this message and any attachments.
