Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > pen-test > 03 > 020321.html (Request Expert securityfocus.com Support)

Re: Online Scanning Services Vrs. Stand Alone Applications

From: oherrera <oherrera(at)Prodigy.Net.mx>
Date: Thu Feb 27 2003 - 10:12:45 EST


Hi Alfred,

I did some research on this for my former employer; the results are not online though but I will commment:

Main disadvantages:
a)the level of intrusiveness and information leaks. With online scanners you will end with someone else (third party) having detailed information on your vulnerabilities. This is simply not an option for some financial and governamental institutions (they require full control).

b) With most products you end up with scanning probes comming through the net from and to fixed points. If someone in between is listening it may discover the types of attacks and even the results (for example your ISP or the ISP of your online scanning provider). There are alternatives such as scan engines appliances which is the case of Qualys, I'm not sure of Vigilante or FoundStone's FoundScan but it probably is too. With these appliances the scanning process takes place inside your borders and results are then sent encrypted to the provider; there is no much "online" on this process though but I believe it is more secure and also allows you to scan internal server in security zones.

c) You are limited to scan only servers visible from the outside

Main advantages: scan frecuency and correlation. The idea behind online scanning is doing scans as frequently as possible. Instead of scanning your servers once a month you could do it almost daily. This allows you to use the scanner's results with the patch management process (it will tell you what was patched and when). Also, by reducing the time gap you are able to react faster; In a worst case scenario with traditional scanning (say you scan your servers once a month), a new vulnerability might arise the day after your last scan. You either do another scan after upgrading your scanner's signatures or wait until the next month.

With the appliance technology I believe that the advantages are mantained while the disadvantages of traditional online scanning are reduced.

I hope this helps...

Do you need help?X

Omar Herrera

>
> Hey all,


<Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does.</Pre>
<A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core</A> Received on Thu Feb 27 12:45:21 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:33 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library