PaulDotCom mailing list archives

Re: Small/Medium Business Scanner

From: Kevin Shaw <kevin.lee.shaw () gmail com>
Date: Wed, 19 Jan 2011 13:08:36 -0500

I second Nessus. I get all the client software vulnerabilities and since I'm
not allowed to exploit them during most of my tests, I share names and
snippets and links to the respective exploits to show their "let's patch
service vulnerabilities first" mindset should be slightly adjusted. Getting
a list of all software running on a system is nice too - and it works on
Windows and Linux with the respective credentials. I shopped around for my
company and this turned out the most affordable for how small they are.
On Jan 19, 2011 9:50 AM, "John Strand" <strandjs () gmail com> wrote:

You know I am biased.

However, I have had nothing but good results from Nessus.

Also, the reporting in the newest version is miles better then it was.

For the cost, you cannot beat it.

There has been a few people I have talked to recently that say that Nessus
does not do DB, network device or application level checks. Some say, it
only does OS checks. I do not quite know where this rumor started, but it
is untrue. It does excellent checks on these devices.

I am sure Paul or Ron know the specifics.

*Summon Gula or Asadorian!*

Finally, check out the credentialed scans. Rather than just checking for
external vulnerabilities, you can also check client side software as well.

HTH,

John



On Tue, Jan 18, 2011 at 10:59 AM, Butturini, Russell <
Russell.Butturini () healthways com> wrote:

I'd just double check and make sure you understand the licensing options
for Nexpose. There are some very affordable ones that don't' require

buying

big hardware and are optimized to run on notebook PCs.

-----Original Message-----
From: pauldotcom-bounces () mail pauldotcom com [mailto:
pauldotcom-bounces () mail pauldotcom com] On Behalf Of Zate Berg
Sent: Tuesday, January 18, 2011 10:29 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Small/Medium Business Scanner

I'd vote for Nessus in your situation too. Possibly combine it with
something like Seccubus (V2 is due out soon).

Zate

On Tue, Jan 18, 2011 at 10:00 AM, Dark Harper <darkharper2 () gmail com>
wrote:

Hi all,

This ones probably been around and around a dozen times but I'm after
some advice/recommendations on a vulnerability scanner for a small to
medium sized business.

My short list is now down to two - Nessus or NeXpose.

Our environment is spread across three sites, around 50 nodes in each.
The sites are not permanently linked. One of those sites is PCI DSS

compliant.

I've been using OpenVAS but am not a fan. Access to remote scanners
is via SSH tunnels/small links.

Cost is definitely a consideration as budget is tight this year. I'm
leaning towards Nessus as it is miles cheaper than NeXpose and
requires much lower spec hardware from what I can tell. Recent
Metasploit plugin is also a plus. Can anyone say why I would put up the

extra cash for NeXpose?


-Dark



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

******************************************************************************

This email contains confidential and proprietary information and is not

to

be used or disclosed to anyone other than the named recipient of this

email,

and is to be used only for the intended purpose of this communication.

******************************************************************************

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




--
John Strand
Office: (605) 550-0742
Cell: (303) 710-1171

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Small/Medium Business Scanner Dark Harper (Jan 18)
- Re: Small/Medium Business Scanner Zate Berg (Jan 18)
  - Re: Small/Medium Business Scanner Butturini, Russell (Jan 18)
    - Re: Small/Medium Business Scanner John Strand (Jan 19)
    - Re: Small/Medium Business Scanner Ron Gula (Jan 19)
    - Re: Small/Medium Business Scanner Kevin Shaw (Jan 19)
    - Re: Small/Medium Business Scanner Paul Asadoorian (Jan 19)
    - Re: Small/Medium Business Scanner Dark Harper (Jan 26)