[unisog] Automated vulnerability tests upon host to network attachment

lifeisarush at hush.com lifeisarush at hush.com
Thu Jul 3 01:38:27 GMT 2003


Greetings,

I have just come accross  this software which might be relevant to this
issue. It is still in beta testing stage:

http://www.intrusec.com/beta/






From: John Kristoff [mailto:jtk at depaul.edu] 
Sent: Thursday, 15 May 2003 8:44 AM
To: unisog at sans.org
Subject: [unisog] Automated vulnerability tests upon host to network
attachment

>Is anyone doing or aware of someone doing automated vulnerabiity tests
>on hosts as they attach to the network.  So for example, as soon as
a >host comes online and causes an ARP entry to be created in the first
>hop router, a monitor process which watches the ARP table kicks of a
>job to automatically scan the newly connected host for something like
>the top 10 SANS vulnerabilities, generating the necessary report/alert
>to an admin?

>There are some potential issues regarding faked ARP/IP entries, but
>some clever coding and in-network protections (e.g. port security) >could
help throttle or detect those sorts of problems so that an admin >isn't
swamped.  There could also be some "not seen in X period of >time" checks
that could be tweaked to suit the environment.

>This is somewhat admittedly a strong-armed approach to identifying and
>securing hosts, but my first thought is that it seems that the best
>time with which to get admins to take down their host and fix it is
>before its been online for too long.  Many people do periodic >vulnerability
scans and those should continue, but if there are a lot >of new hosts
that pop up on your network this could help reduce those >new hosts'
first MTTC (mean time to compromise :-) who very often have >bad defaults.

>Thoughts, pointers, experience to share?

>John

Cheers,

Jad Nehman

------------------
Life is a rush
------------------




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427



More information about the unisog mailing list