Alfred:

I have taken down one of our mission-critical Oracle databases with a Nessus scan in the middle of a production cycle. Fortunately, it was in a high-availability environment and failover was smooth. Using Retina and GFILanGuard NSS, I have never brought down one of our DBs, but with Nessus I have managed to blow up an Oracle AIX server, a Win2K SQL Server and a WinNT SQL Server. And that's just with a scanner.

Since Nessus with our current settings does not blow up anything but DB servers, we do not change the settings so we get the best results for the majority of our servers. But we do not use Nessus to scan Production DBs during production cycles any more, nor would we allow a consultant to do so. Any scanning / pen-testing of our Production DBs would have to be done during our very small windows of downtime.

Having seen what I can do with a (relatively) simple scan, I can well understand why customers would react with horror to the thought of scanning/testing during production.

geof
This archive was generated by hypermail 2b30 : Wed Aug 06 2003 - 10:50:25 PDT