Open Source and information security mailing list archives
Message-ID: <20040428223535.GO30960@mars-attacks.org>
From: boklm at mars-attacks.org (nicolas vigier)
Subject: Top 15 Reasons Why Admins Use Security Scanners

On Wed, 28 Apr 2004, Joel R. Helgeson wrote:

> 
> Top 15 Reasons Why Admins Use Security Scanners
> 
> This list has been compiled by emailing various Security/Admin lists...
> Anyone care to offer their input - add to the list?
> 
> -Am I sure that I have found all vulnerabilities in my network?

Unfortunately you cannot really be sure that you have no known
vulnerabilities in your network with most scanners.
Sometimes if you use a scanner like nessus and have a network of
debian stable machines (or any other OS which doesn't upgrade
the version of a program when a vuln is found but instead backports
the fix in order to avoid problems with upgrades which change too
many things) you get too many false positives because nessus only
tries to find the version and doesn't really test the vulnerability.
I think the right way to do it is to use a scanner which will use
an exploit to test the vulnerability. Unfortunately an exploit is
not always available for every vulnerability.

What scanner are you using?

