Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: QualysGuard

From: Aurélien Cabezon <aurelien.cabezon () isecurelabs com>
Date: Fri, 27 Aug 2004 22:00:39 +0200
 
 | It is a good product, except all your data is kept in a "secure"
 | repository back at their HQ.  

Maybe more secure than a box on the company's network... 
What append if such a box get hacked ?

 |The good thing about this is 
 | you can access your box indirectly from anywhere and view 
 | the results.  The draw back, is that Qualys could gain 
 | access to your data as well as a hacker
 | (cracker) who had gained access into the Qualys network.

Datas are encrypted with the customer's password as encryption key. 
Qualys's customers can also access their datas with a SecureID authentification.
 
 |  The appliance will push data to the web portal after each scan.

Threw an ssl tunnel.

Regards,

        Aurélien Cabezon


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: