I found it to intrusive for what we had in mind. The product requires ePolicy server, sql server, big management console and required a few open ports to function (people can see a quick discussion about those ports and trying to understand why they were there in the pen-test mailing list a few weeks ago see: http://www.securityfocus.com/cgi-bin/archive.pl?id=101&start=2001-11-27&end= 2001-12-03&threads=0&mid=Pine.BSI.4.05L.10110301500400.2673-100000at_private et ). When I started looking for something distributed, I was looking for something very flexible and light so it could be installed on consultants laptop and something that we could deploy in various environments without problems. I knew that Nessus was a good product (and we were already using it) but it didn't fit the criteria. When I saw Vigilante, I was something interesting and the thing that completely sold me is the fact that in the agent to management console, the agent is the initiator of the communication. This little thing makes the big difference and solved most of the problems I had with other products. You can deploy agents and tell them to connect to the console and they report back to you and doing so via a outbound connection. If you set it to connect to port 80, a lot of corporate firewalls will let the traffic pass so you can have agents inside corporate networks and you have access to them via a secondary network. The agent is a simple service on the host so it's not very intrusive. On the other hand, I Distributed Cybercop is a better solution for very large organization that already have ePolicy server. The deployment capabilities of Distributed Cybercop is better then SecureScanNX if you keep it inside the corporate network. I know a lot of big firms are looking to cut down on their cost or trying to cope with the fact that a ton of people are getting laid off so distributed scanners can help in the process so you can centralize the management. just my 0.2$ -----Original Message----- From: H Carvey [mailto:keydet89at_private] Sent: Thursday, November 29, 2001 1:30 AM To: pen-testat_private Subject: Sacha, was => Re: opinions on Vigliante's SecureScanNX for attack/pen work? In-Reply-To: <000301c17772$c772c850$66d3ca18@kidgnaped> > I took a look at Distributed Cybercop but I >quickly stop. It is a good product but to intrusive and not suited at all >for the type of work we were looking into Could you elaborate on what you mean by "too intrusive"? I think this would be very instructive for the rest of us. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Sat Dec 01 2001 - 09:12:18 PST