Network vulnerability and port scanning services

security port-scanning

I'm setting up a periodic port scan and vulnerability scan for a medium-sized network implementing a customer-facing web application. The hosts run CentOS 5.4.

I've used tools like Nmap and OpenVAS, but our firewall rules have special cases for connections originating from our own facilities and servers, so really the scan should be done from the outside.

Rather than set up a VPS or EC2 server and configuring it with various tools, it seems like this could just be contracted out to a port and vulnerability scanning service. If they do it professionally they may be more up to date than something I set up and let run for a year...

Any recommendations or experience doing this?


Solution 1:

I've automated scanning before, but did not use an outsourced scanning service. On the topic of outsourced security services for scanning, many people I know swear by Rapid7. They also have HD Moore on staff so they certainly know penetration testing and Metasploit.

It is trivial to use Nmap or Nessus scripted, encrypt the output and send it to yourself via email.

You could also regularly assess compliance with a hardened baseline to ensure they are not deviating from it over time, or introducing new risks..

If you are a security guru, I'd keep it in house, but otherwise, I would outsource it.

Keep in mind that to get accurate results from vulnerability scanning & compliance analysis, you'll need to perform authenticated scans from inside the firewall(s).

Solution 2:

It sounds like you're not looking for Web service tests but general network pen testing. I'd say the best bet is farm it out to guys like Offensive Security of Backtrack fame, and even if you don't contract them to do the work, they could provide your internal team with training for it.

I was lucky enough to take advantage of some of their early training (before they monetized) and they're really good either way.

(Insert blurb about wretched compliance testing here)

Solution 3:

Take a look a Nessus ( http://nessus.org/nessus/ ). I've setup and used this in a past job and I think it does exactly what you are asking for. It handles network vulnerabilities both remotely or by setting up an agent on the target host.

Edit: oh, it looks like openvas is a fork of Nessus...

Related

Tape Storage - How do I setup a tape backup system for use with my NAS
Help! The log file for database 'tempdb' is full. Back up the transaction log for the database to free up some log space
Android software for the system administrator on the move [closed]
How to disable System service from listening on port 80 in Windows Server 2003
How to store etckeeper repositories on a central server via git
Simulate SNMP traps to test surveillance
How to let users change linux password from web browser? [closed]
rsync --files-from or --include-from
Configure initramfs-tools to add curl to the initramfs, and run curl in a script at boot while in intitrd in Ubuntu 10.04 Server
How to view the localhost of another computer in the same network?
Are there any benefits to running Subversion server on Linux as opposed to Windows?
Simulate 502 & 504 on nginx