So looking into a scanner to scan our internal networks / domains / servers for vulnerabilities.

Using Nexpose Community Edition at the moment.

I suppose my question is… what are the alternatives and pros and cons?

29 Spice ups

How good is Nexpose? And why are you looking at an alternative?

Apologies for hijacking your post!!

1 Spice up

Qualys

Pros - it's really excellent

Cons - it's really expensive and you need training to get the most out of it

3 Spice ups

OpenVAS

It’s free and open source.

http://www.openvas.org/

There's also GFI LanGuard, which is pretty awesome: GFI LanGuard

4 Spice ups

We are now using Nessus

We are going for the top PCI compliance level and it helped us a lot with finding holes on the network and devices. Well recommended

11 Spice ups

Community edition is limited as it's not the enterprise version. We might be looking for a tool, so before we purchase a full enterprise package, we want to explore the different packages available.

I used to use Nessus when it was free on BackTrack but sadly no more …

Nmap’s Extensive Scans will show you every open port on your systems for every IP on the network. It’s also very handy for an external whitebox test on your network, among other things. Like mapping your network internally!

Note this is strictly on a network and open port level; to dig deeper you are going to need other software. Most of which has been mentioned above!

-ZZ

1 Spice up

OpenVAS is great, Nessus is good too if you can afford the subscription (which isn't all that much), but OpenVAS and Nessus started out as the same product so they have many similarities.

1 Spice up

Agree with others about OpenVAS or Nessus

1 Spice up

Another vote for OpenVAS. Grab a copy of Kali Linux, all of the packages for OpenVAS are already installed and configured for you.

We’ve been using DDI Frontline. They have been very responsive, knowledgeable, and they stay on top of things like nobody we’ve seen to date. We are usually in the loop on vulnerabilities and exploits a day before you hear about them on blogs or elsewhere on the Internet.

I think they’ve been invaluable in helping us to get all of our vulnerabilities patched.

I’ve used all of the above and others in the past (CoreImpact anyone?). NeXpose is the boss. But not because it’s a better scanner, as scanners go they are all mostly the same, it’s because the remediation options are so good.

Nessus will give you a link to remediation issues and a line of research to follow. The Nessus remediation report doesn’t offer much.

NeXpose will slash remediation time to almost nothing because it really does offer the best solutions. Also if you need to prove that something is vulnerable, which you should always do, the Metasploit integration is essential.

Having said that, it doesn’t matter which one you choose. Just spend some time to master it.

Hell, OpenVAS is a great scanner, it’s all just a matter of perspective.

1 Spice up

Yes. We’ve implemented a Lumension Patching and Remediation to do that as it allowed us to replace WSUS and does have a MAHOOSIVE amount of patches for MS products as well as 3rd party apps + a plethora of security settings and app configs that we can apply to our machines.

We’ve used Hacker Guardian for PCI compliance, they have a free scan that we first used but wound up purchasing. It did the job identifying vulnerabilities but we did have an issue with it gigging us for some ciphers on our load balancer that we were offloading SSL on, even though we set our load balancer to not use the ciphers. We contacted them and let them know what we did to correct the issue and they emplaced an exception that showed on the report.

We’ve just started using Acunetix for another project, so far it seems to be doing a good job. We purchased a subscription to their online scanning tool for 5 targets. There’s a verification you have to perform on the target and I didn’t realize I needed to put http or https for the host, so I only provided the Fully Qualified Domain Name. This caused a problem with the verification since it defaults to http if you don’t provide either and since the site allows only https, it was failing. Their support lined me out in a reasonable time and I’m doing scans now. Another thing to be aware of is that you have to validate account information which can take up to 1 business day.

Please take a look at Vega vulnerability scanner. One can type in a URL and the program will list all the holes in your website or domain. The site is www.subgraph.com. Oh, and it's free too.

Nessus is reasonably priced and comes as a virtual appliance which is pretty much foolproof.

2 Spice ups

You could look into an IPS/IDS. Sentinel IPS offers a free Network Gateway Assessment. It will log information about attacks, hacks, and other malicious traffic. You can view reports and attack summaries in real-time, and configure the unit to send you email alerts. We then will run a certified ASV mapping scan of your network; after 1-2 weeks we review the data with you. Sentinel IPS sits outside of your firewall to watch inbound/outbound traffic to help mitigate malware. This video explains more about what it does. Let me know if you have questions.

If you go the OpenVAS route I would advise against getting Kali Linux, not that Kali Linux is bad… it's just that OpenVAS is designed to do periodic scans and alert you via email when there is an issue that has popped up. I personally wouldn't want to keep a full blown pentesting distro on in my work environment. You'd be better off downloading CentOS 6.5 (as of a month or two ago not all packages worked for 7), adding the atomic repository, and doing a yum install on it… there isn't any having to hunt down packages or anything and it takes all of 5 minutes to install once everything is downloaded.

We use Nessus and it works well. I don't mess with it much and didn't know it came as a virtual appliance so I will be looking into that.