Hi Alfred, I did some research on this for my former employer; the results are not online though but I will commment: Main disadvantages: a)the level of intrusiveness and information leaks. With online scanners you will end with someone else (third party) having detailed information on your vulnerabilities. This is simply not an option for some financial and governamental institutions (they require full control). b) With most products you end up with scanning probes comming through the net from and to fixed points. If someone in between is listening it may discover the types of attacks and even the results (for example your ISP or the ISP of your online scanning provider). There are alternatives such as scan engines appliances which is the case of Qualys, I'm not sure of Vigilante or FoundStone's FoundScan but it probably is too. With these appliances the scanning process takes place inside your borders and results are then sent encrypted to the provider; there is no much "online" on this process though but I believe it is more secure and also allows you to scan internal server in security zones. c) You are limited to scan only servers visible from the outside Main advantages: scan frecuency and correlation. The idea behind online scanning is doing scans as frequently as possible. Instead of scanning your servers once a month you could do it almost daily. This allows you to use the scanner's results with the patch management process (it will tell you what was patched and when). Also, by reducing the time gap you are able to react faster; In a worst case scenario with traditional scanning (say you scan your servers once a month), a new vulnerability might arise the day after your last scan. You either do another scan after upgrading your scanner's signatures or wait until the next month. With the appliance technology I believe that the advantages are mantained while the disadvantages of traditional online scanning are reduced. I hope this helps... Omar Herrera > > Hey all, > > I have a question, which is two fold. First can anyone > point me to comparison articles of online scanners (such > as Foundstone) vrs. standalone applications such as ISS? I > am looking for technical comparisons not a treatise on the > benefits of someone managing your scanning for you or not. > > The second part of the question is, are their any > technical advantages between the two setups? I understand > this overlaps with the first question but I ask this after > having searched for good writeups and came out with very > little. > -al > > > Alfred Huger > Symantec Corp. > > > ---------------------------------------------------------- > ------------------ <Pre>Do you know the base address of > the Global Offset Table (GOT) on a Solaris 8 box? CORE > IMPACT does.</Pre> <A > href="http://www.securityfocus.com/core"> > http://www.securityfocus.com/core> ---------------------------------------------------------------------------- <Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box? CORE IMPACT does.</Pre> <A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core>
This archive was generated by hypermail 2b30 : Thu Feb 27 2003 - 09:45:04 PST