Network vulnerability and port scanning services
I'm setting up a periodic port scan and vulnerability scan for a medium-sized network implementing a customer-facing web application. The hosts run CentOS 5.4.
I've used tools like Nmap and OpenVAS, but our firewall rules have special cases for connections originating from our own facilities and servers, so really the scan should be done from the outside.
Rather than set up a VPS or EC2 server and configuring it with various tools, it seems like this could just be contracted out to a port and vulnerability scanning service. If they do it professionally they may be more up to date than something I set up and let run for a year...
Any recommendations or experience doing this?
Solution 1:
I've automated scanning before, but did not use an outsourced scanning service. On the topic of outsourced security services for scanning, many people I know swear by Rapid7. They also have HD Moore on staff so they certainly know penetration testing and Metasploit.
It is trivial to use Nmap or Nessus scripted, encrypt the output and send it to yourself via email.
You could also regularly assess compliance with a hardened baseline to ensure they are not deviating from it over time, or introducing new risks..
If you are a security guru, I'd keep it in house, but otherwise, I would outsource it.
Keep in mind that to get accurate results from vulnerability scanning & compliance analysis, you'll need to perform authenticated scans from inside the firewall(s).
Solution 2:
It sounds like you're not looking for Web service tests but general network pen testing. I'd say the best bet is farm it out to guys like Offensive Security of Backtrack fame, and even if you don't contract them to do the work, they could provide your internal team with training for it.
I was lucky enough to take advantage of some of their early training (before they monetized) and they're really good either way.
(Insert blurb about wretched compliance testing here)
Solution 3:
Take a look a Nessus ( http://nessus.org/nessus/ ). I've setup and used this in a past job and I think it does exactly what you are asking for. It handles network vulnerabilities both remotely or by setting up an agent on the target host.
Edit: oh, it looks like openvas is a fork of Nessus...