RE: QualysGuard

From: DeGennaro, Gregory (Gregory_DeGennaro@csaa.com)
Date: Wed Aug 25 2004 - 10:36:53 EDT


It is a good product, except all your data is kept in a "secure"
repository back at their HQ. The good thing about this is you can
access your box indirectly from anywhere and view the results. The draw
back, is that Qualys could gain access to your data as well as a hacker
(cracker) who had gained access into the Qualys network.

The Qualys appliance appears to be fairly secure running GENTOO Linux as
its OS. The appliance's HDD is encrypted and the there is no direct
access into the appliance. All of the commands that the appliance
receives is from a pull to the web portal from Qualys that you access
from anywhere. The appliance will push data to the web portal after
each scan.

It is a really good appliance\service. The draw backs are cost and the
storage of company information at an external repository which will need
a risk acceptance from management.

Regards,
 
Greg DeGennaro Jr., CISSP, CCNP
Systems Engineer

-----Original Message-----
From: Eric Danso [mailto:edanso@myblackberry.com]
Sent: Tuesday, August 24, 2004 8:50 AM
To: pen-test@securityfocus.com
Subject: QualysGuard

Has anyone on this list had a chance to use this product.

I'm interested in getting a Vulnerability scanner that is
the defacto of the Industry.

Any info would be great.
Regards,

Eric Danso

---
Sent via BlackBerry.
------------------------------------------------------------------------
------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Check out our Advanced
Hacking course, learn to write exploits and attack security
infrastructure. Attend a course taught by an expert instructor with
years of in-the-field pen testing experience in our state of the art
hacking lab. Master the skills of an Ethical Hacker to better assess the
security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
-------
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:01 EDT