On 2014 Mar 18, at 12:39 , A O Doll <[email protected]> wrote: > Question from a rookie here: > Is it wise to rely on a scanner to check critical points? If the scanner has > its own set of priveleges, is it feasible that someone might use this as a > means to attack the network?
This a likely scenario now, no longer a hypothetical issue. Leveraging automated credentials to pivot to new systems in an attack is a serious problem. Unfortunately, the trend seems to be moving in the direction of credentialed agentless scanning, despite the fact that it creates more risk for less benefit than the push based scan approach, where a local agent acts to collect data and push just the results up. Vendors want what is easy, not necessarily what is safe or effective. > Also, a suggestion for output: > Each scan is logged in a spreadsheet with a date and time, and any issues > raised. The spreadsheet is emailed internally to the operator, who can then > review it. Always put results into a DB, never a spreadsheet. Even the act of accessing the vulnerability results need to be logged. ---- "The speed of communications is wondrous to behold. It is also true that speed can multiply the distribution of information that we know to be untrue." Edward R Murrow (1964) Mark McCullough [email protected] _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
