hi ya

On Thu, 27 Mar 2003, Jeff Williams @ Aspect wrote:

> Let's assume that you're talking about 256 IPs (based on Qualys' published
> pricing), and you want to scan weekly. That's at least a day a week of

their "mail server scanning" is pointless ??? ( when we tried it out )
  - just a bunch of dictionary names for your-domain.com

vulnerability scanning and pen-testing ...
  - you can do quickie tests.. ( few minutes - couple hours )
  - you can and SHOULD do it every time something changed
    ( incremental costs should be minimal )
  - you should go back and see what other vuln tests you or your
    other hired testers didn't check earlier... ( few days, few weeks )
  - repeat round and round
  - most of the scanning can be automated
  - think one can also apply all the scriptkiddie scripts automatically ??
  - automation is the key ... people will get tired of running
    the same repetitive tests

> effort for someone (probably more to generate a very nice report and
> summaries). The cost of a full-time sysadmin (including salary, benefits,
> office, etc...) probably costs well north of $100K. You'd have to include
> some equipment costs in there. So I doubt you could do it much cheaper.
> I think vulnerability scanning is a reasonable thing to outsource for
> companies that are not in the security or networking field already.

you do need a qualified tester ... newbies won't know what to look for
and how to test it ..

i'd say a good vulnerability scanner and pen-tester would run $150K
in salaries + double it for insurance, benefits, office space, phones,
lab, PCs, test archives, etc plus probably an additional knowledgeable
secretary to type up pretty reports and attachments

"good" == they can find the obvious holes... in a matter of minutes
  - break into any pc running sendmail earlier than 8.12.8
  - break into any apache w/ 443 left on
  - break into wireless sites w/ telnet/ftp/pop3 left on inside
  ... blah .. blah ..

c ya
alvin
This archive was generated by hypermail 2b30 : Thu Mar 27 2003 - 14:10:21 PST