Re: Vulnerability scanners

From: Alvin Oga (alvin.secat_private-Consulting.com)
Date: Thu Mar 27 2003 - 13:31:10 PST

    hi ya
    
    On Thu, 27 Mar 2003, Jeff Williams @ Aspect wrote:
    
    > Let's assume that you're talking about 256 IPs (based on Qualys' published
    > pricing), and you want to scan weekly.  That's at least a day a week of
    
    their "mail server scanning" is pointless ???  ( when we tried it out )
    	- just a bunch of dictionary names for your-domain.com
    
    vulnerability scanning and pen-testing ...
    	- you can do quickie tests..
    	( few minutes - couple hours )
    
    	- you can and SHOULD do it every time something changed
    	( incremental costs should be minimal )
    
    	- you should go back and see what other vuln tests you or your
    	other hired testers didn't check earlier...
    	( few days, few weeks )
    
    	- repeat round and round
    
    - most of the scanning can be automated
    
    - think one can also apply all the scriptkiddie scripts automatically  ??
    
    - automation is the key ... people will get tired of running the same
      repetitive tests
    
    > effort for someone (probably more to generate a very nice report and
    > summaries).  The cost of a full-time sysadmin (including salary, benefits,
    > office, etc...) probably costs well north of $100K.  You'd have to include
    > some equipment costs in there.  So I doubt you could do it much cheaper.
    > I think vulnerability scanning is a reasonable thing to outsource for
    > companies that are not in the security or networking field already.
    
    you do need a qualified tester ... newbies won't know what to look for
    and how to test it ..
    
    i'd say a good vulnerability scanner and pen-tester would run
    $150K  in salaries  + double it for insurance, benefits, office space,
    phones, lab, PCs, test archives, etc
    	plus probably an additional knowledgeable secretary to type up
    	pretty reports and attachments
    
    "good"  == they can find the obvious holes... in a matter of minutes
    	- break into any pc running sendmail earlier than 8.12.8
    	- break into any apache w /443 left on
    	- break into wireless sites w/ telnet/ftp/pop3 left on inside
    	... blah .. blah ..
    
    c ya
    alvin
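As an added example (not part of the original post or the list archive), the script below shows the "automate it and re-run it every time something changed" idea from the reply above: it parses two scan snapshots, reports which exposures appeared or disappeared since the last run, and flags newly exposed plaintext services of the kind the post names (telnet/ftp/pop3). The line format `host port/proto service`, the hosts, and the service names are all constructed for illustration; real scanner output (nmap's grepable output, a Nessus export) would need its own parser in place of `parse_scan`.

```python
"""Compare two port/vulnerability scan snapshots and report what changed.

Added example, not from the original mailing-list post. It assumes a
constructed, simplified snapshot format of one exposure per line:
    host port/proto service
Lines starting with '#' and blank lines are ignored.
"""
from dataclasses import dataclass, field

# Legacy plaintext services the post singles out as worth re-checking
# whenever they show up; a NEW exposure of one of these is high priority.
WATCHLIST = {"telnet", "ftp", "pop3"}


@dataclass
class ScanDiff:
    added: set = field(default_factory=set)          # exposures present now, absent before
    removed: set = field(default_factory=set)        # exposures present before, gone now
    high_priority: set = field(default_factory=set)  # subset of `added` on the watch-list


def parse_scan(text: str) -> set:
    """Parse 'host port/proto service' lines into a set of exposure tuples."""
    exposures = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3 or "/" not in parts[1]:
            raise ValueError(f"malformed scan line: {raw!r}")
        host, port_proto, service = parts
        port_s, proto = port_proto.split("/", 1)
        exposures.add((host, int(port_s), proto.lower(), service.lower()))
    return exposures


def diff_scans(previous: set, current: set) -> ScanDiff:
    """Set difference in both directions, plus watch-list hits among new exposures."""
    diff = ScanDiff(added=current - previous, removed=previous - current)
    diff.high_priority = {e for e in diff.added if e[3] in WATCHLIST}
    return diff


def exit_status(diff: ScanDiff) -> int:
    """Cron-friendly status: 2 = watch-list exposure, 1 = any change, 0 = no change."""
    if diff.high_priority:
        return 2
    if diff.added or diff.removed:
        return 1
    return 0


# Constructed sample snapshots (documentation address range, made-up services).
LAST_WEEK = """
# host port/proto service
192.0.2.10 22/tcp ssh
192.0.2.10 443/tcp https
192.0.2.20 25/tcp smtp
"""

THIS_WEEK = """
192.0.2.10 22/tcp ssh
192.0.2.10 443/tcp https
192.0.2.20 25/tcp smtp
192.0.2.20 23/tcp telnet
192.0.2.30 80/tcp http
"""


def report(previous_text: str, current_text: str) -> ScanDiff:
    """Convenience wrapper: parse both snapshots and diff them."""
    return diff_scans(parse_scan(previous_text), parse_scan(current_text))


if __name__ == "__main__":
    result = report(LAST_WEEK, THIS_WEEK)
    for exposure in sorted(result.added):
        tag = "HIGH" if exposure in result.high_priority else "new "
        print(f"[{tag}] {exposure[0]} {exposure[1]}/{exposure[2]} {exposure[3]}")
    for exposure in sorted(result.removed):
        print(f"[gone] {exposure[0]} {exposure[1]}/{exposure[2]} {exposure[3]}")
    raise SystemExit(exit_status(result))
```

Run weekly (or after every change window) with the previous snapshot saved on disk, the non-zero exit status is what a scheduler or ticketing hook keys off, so nobody has to read an unchanged report by hand; only the delta needs a human.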
    



    This archive was generated by hypermail 2b30 : Thu Mar 27 2003 - 14:10:21 PST