AW: QualysGuard - VA/PT appliance

From: Engelke, Stephan (engelke@gmx.net)
Date: Wed Aug 24 2005 - 04:03:43 EDT


Hi everyone,

we are using this appliance to conduct vunlerability assessments in LAN environments [it came with the "consultant" package we ordered]. Essentially the appliance is a proxy for the scanners places in the Qualys datacenter. It is controlled via the web account. All actions are triggered via the internet and all generated data is stored with the Qualys-account which initiated the scan.

This data is stored encryptedly and is only accessiblle by the user. The username / password combination is used to unlock the key which encrypts the data in the database. If the password is lost, noone - and this includes Qualys personell - can gain access to the data.

What you need to run the applicance is an ip address inside the LAN, a network jack (of course) and access to the Internet via port 443. This port may be proxied, the appliance allows for this.

I have seen this solution deployed in large companies, including banks. I consider myself pretty paranoid, but the security measures I have seen as far as data protection goes, are IMHO sufficient.

Cheers - Stephan

> -----Ursprüngliche Nachricht-----
> Von: prasanna.mukundan@wipro.com [mailto:prasanna.mukundan@wipro.com]
> Gesendet: Dienstag, 23. August 2005 07:19
> An: pen-test@securityfocus.com
> Betreff: QualysGuard - VA/PT appliance
>
>
> http://www.qualys.com/products/qgcons/
>
> We have are evaluating an appliance by Qualys, called
> QualysGuard that purportedly "enables security auditors to
> scope and perform detailed vulnerability assessments anytime,
> anywhere, using nothing more than a Web browser."
> Has anyone used this appliance? If so could you give me your
> feedback on the product?
>
> From what I have seen of it in a couple of days, it seems to
> initiate a scan(for s/w vulnerabilities) from the intranet of
> a network, but sends the data to the internet/qualys server
> (and accessed via qualys'
> website), which imo while have the regulators and auditors
> screaming. I would appreciate if anyone could confirm/correct that.
>
>
> Thanks,
> Prasanna
>
>
>
>
> Confidentiality Notice
> The information contained in this electronic message and any
> attachments to this message are intended for the exclusive
> use of the addressee(s) and may contain confidential or
> privileged information. If you are not the intended
> recipient, please notify the sender at Wipro or
> Mailadmin@wipro.com immediately and destroy all copies of
> this message and any attachments.
>




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:47 EDT