We have run Qualys test on a network using the Intranet scanning appliance, and it did indeed wreak havoc with a terminal server and a RAS server. This is possible with any vulnerability scanning tool, so I would not assume that Qualys is immune. There are so many variables that can cause a device or system to misbehave, which may end up being due to the way the target host was configured. For example, eEye prides themselves on being the safest assessment scanner that will not crash target systems. During our first lab tests we were able to crash a server we were testing. Back to Qualys: The reporting includes baseline and trending functionality that is pretty good. They have put quite an effort into data management. -----Original Message----- From: Chris Sharp [mailto:illectro2001at_private] Sent: Thursday, March 27, 2003 5:06 PM To: oherreraat_private; dan.lynchat_private; pen-testat_private Subject: Re: Vulnerability scanners They don't do active tests, so they don't exploit known bugs and crash servers during testing. top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.surfcontrol.com/go/zsfptl1
This archive was generated by hypermail 2b30 : Thu Mar 27 2003 - 16:19:27 PST