
eEye Digital Security


External Vulnerability Assessment (Scanner Placement and Other Methods)

Last post 10-12-2009 2:49 PM by Blue1978. 9 replies.
  • 10-02-2009 8:50 AM

    External Vulnerability Assessment (Scanner Placement and Other Methods)

    Hi Everyone,

    I wanted to ask your opinion about vulnerability assessment of a corporate network's external assets (located in the DMZ, firewalls).

    Strategy: We plan to put the scanner outside of the corporate network (broadband connection in the house) to do the scan.
    Options: rent a Linux server from any hosting company to do the scan.

    Difficulties:
    1. If this is our strategy, will we be able to identify vulnerabilities in our corporate network (external assets located in the DMZ) faster?

    2. What scanning method is best to use: unauthenticated (hacker perspective) or authenticated (I'm not sure of the risk it will implicate)?
    3. What other options can you suggest so we can improve the quality of the result?

    I'm hoping you can share something on this.
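    As an added example (not code from this thread or from eEye), one way to get value out of the unauthenticated external scan the original post describes, and to answer question 1 about spotting exposure faster: run `nmap -sV -oX scan.xml <dmz addresses>` from the outside host, then diff what the scan saw against a hand-maintained record of what the firewall is supposed to pass to each DMZ host. Everything here is assumed: the 203.0.113.0/24 addresses are the documentation range, the XML is a constructed stand-in for real nmap output, and `EXPECTED_EXPOSURE` is a hypothetical inventory.

```python
# Added example, not code from the eEye thread: diff an unauthenticated
# external scan (nmap -sV -oX) against the services the DMZ is meant to
# expose. Addresses use the 203.0.113.0/24 documentation range and the
# XML is a constructed sample, not real scan output.
import xml.etree.ElementTree as ET

# Constructed stand-in for `nmap -sV -oX scan.xml 203.0.113.10 203.0.113.20`
# run from a host outside the corporate network.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 203.0.113.10 203.0.113.20">
  <host>
    <status state="up"/>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="4.3"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.2.3"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="Apache httpd" version="2.2.3"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="203.0.113.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="2.0.5"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical, hand-maintained record of what the firewall should pass to
# each DMZ host. Anything open beyond this is unexpected exposure; anything
# listed here but not reachable is a firewall or service problem.
EXPECTED_EXPOSURE = {
    "203.0.113.10": {("tcp", 80), ("tcp", 443)},
    "203.0.113.20": {("tcp", 21), ("tcp", 443)},
}


def parse_open_ports(nmap_xml):
    """Return {ip: {(proto, port): "product version"}} for open ports only.

    Filtered/closed ports are dropped: seen from outside, those are the
    firewall doing its job, not exposure.
    """
    found = {}
    root = ET.fromstring(nmap_xml)
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            banner = ""
            if svc is not None:
                banner = " ".join(
                    s for s in (svc.get("product", ""), svc.get("version", "")) if s
                )
            ports[(port.get("protocol"), int(port.get("portid")))] = banner
        found[addr.get("addr")] = ports
    return found


def unexpected_exposure(found, expected):
    """Open (proto, port) pairs per host that the exposure record does not allow."""
    result = {}
    for ip, ports in found.items():
        extra = set(ports) - expected.get(ip, set())
        if extra:
            result[ip] = extra
    return result


def missing_exposure(found, expected):
    """Expected (proto, port) pairs per host that the external scan could not reach."""
    result = {}
    for ip, allowed in expected.items():
        gone = allowed - set(found.get(ip, {}))
        if gone:
            result[ip] = gone
    return result


def report(nmap_xml, expected):
    """Human-readable findings. The banner is included because an unauthenticated
    scan can only judge a version from what the service advertises."""
    found = parse_open_ports(nmap_xml)
    lines = []
    for ip, ports in unexpected_exposure(found, expected).items():
        for proto, port in sorted(ports):
            lines.append(f"UNEXPECTED {ip} {proto}/{port} ({found[ip][(proto, port)]})")
    for ip, ports in missing_exposure(found, expected).items():
        for proto, port in sorted(ports):
            lines.append(f"MISSING    {ip} {proto}/{port}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_NMAP_XML, EXPECTED_EXPOSURE):
        print(line)
```

    On the constructed sample this flags SSH open on 203.0.113.10 (not in the exposure record) and HTTPS on 203.0.113.20 expected but unreachable. The banner strings are all an unauthenticated scan gives you for version judgement; that is the accuracy trade-off behind the authenticated-versus-unauthenticated question in the post, and it is why an authenticated scan would need credentials and a management port reachable from the scanner host.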

  • 10-03-2009 11:40 AM In reply to

    Re: External Vulnerability Assessment (Scanner Placement and Other Methods)

    What assets do you have outside of your network, in the DMZ, that you want to scan?

    Are you wanting to use Retina?

  • 10-03-2009 6:10 PM In reply to

    Re: External Vulnerability Assessment (Scanner Placement and Other Methods)

    Almost all assets, like web servers, firewall configs, Linux servers, FTP, etc. I'm still in the prototype stage and will probably be using Nessus or OpenVAS because it's free. But since it's just temporary, it will be replaced in the future.

  • 10-03-2009 8:19 PM In reply to

    Re: External Vulnerability Assessment (Scanner Placement and Other Methods)

    Personally, if I were going to do pen testing on assets outside of a network, I would use the unauthenticated (hacker perspective) style you were speaking about.

    If I were conducting pen testing internally on my network, I would do the opposite.

    I am sure someone from eEye can comment further on such techniques a lot better than I can.

  • 10-04-2009 5:35 PM In reply to

    Re: External Vulnerability Assessment (Scanner Placement and Other Methods)

    Hi Blue1978,

    I thought of an unauthenticated scan from the external side as well; thank you for your thoughts. I hope more information is to come in reply to this blog.

  • 10-05-2009 2:26 AM In reply to

    Re: External Vulnerability Assessment (Scanner Placement and Other Methods)

    Any idea of the cost?

    I received a quote ranging from 7,000 to 10,000 USD. I'm not sure about the figure, and I think this quote is very high.

  • 10-05-2009 9:47 AM In reply to

    Re: External Vulnerability Assessment (Scanner Placement and Other Methods)

    What is being provided to you as services, as part of the quote you received (i.e., equipment provided, etc.)?

    Did the quote involve someone else conducting the tests on your network or what?

    I know eEye's products are as follows:

    http://shop.eeye.com/store/eeyeinc/DisplayProductDetailsPage/productID.51655400  (for scanning systems)

    http://www.eeye.com/html/products/RetinaWebScanner/index.html   (for scanning websites)

    I guess it depends on what you're looking for and who is providing it. Both of eEye's products together total about $7,000. If you're strictly wanting to do it yourself by scanning the systems themselves (not an actual website), you're looking at around $700 or so, and at least one system with Windows 2000/XP/2003 is required to run the scanner from. eEye will have to confirm this, but I think Retina is also able to scan Linux systems and so forth. You are also entitled to support through your own Customer Portal if you purchase such products through eEye.

    A good person to ask about this stuff via email is Brian Patten, from eEye, at bpatten@eeye.com

  • 10-05-2009 8:23 PM In reply to

    Re: External Vulnerability Assessment (Scanner Placement and Other Methods)

    Hi Blue,

    What framework or standard do you know of regarding vulnerability assessment? I wanted to tailor my requirements before looking into the price and cost of the service. I wanted to know the industry standards they are following, like COBIT, ISO, etc.

  • 10-12-2009 11:57 AM In reply to

    • bpatten
    • Top 10 Contributor
    • Joined on 09-24-2007
    • Irvine, CA
    • Posts 155

    Re: External Vulnerability Assessment (Scanner Placement and Other Methods)

    Blue is correct that Retina can scan any device with an IP address (Windows, Unix, Linux, Mac, etc.).

    Retina just installs on a Windows-based OS. If you're concerned about the risk surface of putting a scanning device in your DMZ, you may want to consider an Appliance. Our Appliances are hardened embedded OSes.

    If you need specifics about the scanner and the standards we follow, I'd suggest you contact eEye Sales (sales@eeye.com) or via phone.

    Hope that helps.

  • 10-12-2009 2:49 PM In reply to

    Re: External Vulnerability Assessment (Scanner Placement and Other Methods)

    ny101880:
    I wanted to know the industry standard they are following like COBIT, ISO, etc.

    I have not dealt a lot with other scanners. I have tried Nessus and GFI LANguard. Retina, to me, was easier to use. As far as what standards those support, I am not sure, so I could not comment intelligently enough on them. As far as Retina, eEye created a very nice little diagram that breaks down what regulatory compliance they meet and so forth. It can be viewed here: http://www.eeye.com/html/compliance/index.html

© 1995 - 2009 eEye Incorporated