[unisog] SUMMARY: Vulnerability Scanners

Russell Fulton r.fulton at auckland.ac.nz
Thu Jan 29 23:43:02 GMT 2004



> I ignored people using nmap and specific exploits or specialized
> scanners for specific vulnerabilities. However, this seems to be an
> almost universal practice -- to some extent, it seems like people don't
> totally trust the large scale tools to catch specific vulnerabilities
> that are common as much as they trust single purpose tools.

In my case it is a matter of time.  I can run a specific tool across our
class B in an hour and get a report (usually on line per host or
vulnerable host) which I can then process automatically so a faculty IT
manager gets a single email listing all the machines in his area that
need attention.

In contrast we recently had a network audit done by an out side firm. 
They ran nessus over parts of our network infrastructure and presented
us with about 30 pages of crap which alarmed our managers until I
explained that nearly everything that was raised were issues that we
knew about and had decided to live with.  This isn't a problem with
nessus, just in the way it was used (abused?) but it highlights the
problems with using generic scanners on large open networks without
first doing a lot of work to narrow the scans down (or alternatively a
lot of work afterwards sorting the wheat from the chaff).

What I would really like to do is to get a set of nessus plugins that 
     A. test for well know common problems
     B. have low false +ve rates
     C. are quick to run.

I would then be happy to run this over the whole network.

Unfortunately I have never had the time to investigate this thoroughly
:(


Cheers, Russell



More information about the unisog mailing list