Security Basics mailing list archives
Re: Re: Vulnerability Assessment
From: mkburns () gmail com
Date: 23 Jul 2007 20:51:55 -0000
Personally I have issues with the Qualys solution as it requires that your vulnerability information be stored offsite at Qualys. Which even if your happy someone else having access to this information, what happend if your Internet connectivity is bought down during an attack? In regards to Foundstone, as a scanner it is fine, however from a scalability point of view it is not very flexible, with each scanner requiring a full copy of Windows 2003 Server, IIS and SQL - if you deploy multiple scanners and want to centrally collate your results then you need to use and export/import utility. If you purely want a scanner stick with Nessus. If you want a vulnerability management system, whereby you can centrally collate you results, track the remediation of vulnerabilities, fine grain reporting and the flexibility to install the scanner on Windows platform then I would recommend eEye Retina and REM Console.
Current thread:
- Re: Vulnerability Assessment Mondai Ji (Jul 23)
- <Possible follow-ups>
- Re: Vulnerability Assessment Colin Grady (Jul 23)
- RE: Vulnerability Assessment Gibbs, Jason (Jul 23)
- Re: Vulnerability Assessment Danux (Jul 26)
- Re: Re: Vulnerability Assessment mkburns (Jul 23)
- RE: Re: Vulnerability Assessment Gibbs, Jason (Jul 23)
- Administrators & Power Users Tinu Koshy (CISD) (Jul 24)
- RE: Administrators & Power Users Weir, Jason (Jul 24)
- Re: Administrators & Power Users Kurt Buff (Jul 24)
- RE: Re: Vulnerability Assessment Gibbs, Jason (Jul 23)
- Re: Re: Vulnerability Assessment Michael Graham (Jul 24)
- Re: Vulnerability Assessment Deepak Parashar (Jul 23)
- Re: Vulnerability Assessment jfvanmeter (Jul 24)
- Re: Vulnerability Assessment holger . reichert (Jul 26)
- Re: Vulnerability Assessment Uzair Hashmi (Jul 26)
- RE: Vulnerability Assessment tima (Jul 26)