[Full-disclosure] Re: What can a Remote Vulnerability Scanner do in Future?

Aaron microchp at microchp.org
Wed Feb 15 22:01:46 GMT 2006 

Nessus can do local checks on windows/unix from remote. 
 nessus.org.

Dont let the good looking web site scare you either.  It 
is still free afaik.

:)

--Aaron


On Mon, 13 Feb 2006 10:16:22 +1100 (EST)
  Tim Nelson <security at webalive.biz> wrote:
> On Mon, 6 Feb 2006, Alice Bryson wrote:
> 
> ...
>>    Eeye scanner could not do remote local check too. So 
>>I am consider
>> what can Remote Vulnerability Scanner do? Will this 
>>thing disappear in
>> the future?
> 
> 	Scan for remote vulnerabilities.  Scanning for local 
> vulnerabilities can obviously only be done locally.
> 
> 	Basically you need to have a remote access method 
>before you can 
> do anything remotely.  It might be useful to get a 
>windows version of sshd or cfengine.  Another possibility 
>would be to make the local scanner executable available 
>on the network, and then have each machine individually 
>download it and run it locally.
> 
> 	Basically, to check for local vulnerabilities, you 
>need:
> 1.	A deployment process (hopefully simple)
> 2.	An execution process
> 
> 	This is exactly what cfengine was designed to solve in 
>the Unix 
> world.
> 
> -- 
> Kind Regards,
>  
> Tim Nelson
> Server Administrator
>  
> P: 03 9934 0888
>F: 03 9934 0899
> E: tim.nelson at webalive.biz
> W: www.webalive.biz
>  
> WebAlive Technologies
> Level 1, Innovation Building
> Digital Harbour
> 1010 La Trobe Street
> Docklands Melbourne VIC 3008
> 
> This email (including all attachments) is intended 
>solely for the named addressee. It is confidential and 
>may contain legally privileged information. If
> you receive it in error, please let us know by reply 
>email, delete it from your system and destroy any copies. 
>This email is also subject to copyright. No
> part of it should be reproduced, adapted or transmitted 
>without the written consent of the copyright owner.
> 
> Emails may be interfered with, may contain computer 
>viruses or other defects and may not be successfully 
>replicated on other systems. We give no
> warranties in relation to these matters. If you have any 
>doubts about the authenticity of an email purportedly 
>sent by us, please contact us immediately.

Full-Disclosure is hosted and sponsored by Secunia.