Onderwerp: What can a Remote Vulnerability Scanner do in Future?

hi there:
I'm engaged in design a Remote Vulnerability Scanner. We have done
a non-preemptive multithread engine and written almost 2000
vulnerability plugins. Each one of plugins according to one CVE ID.
After we done these work, we get confused and don't know what to
do. first, although Microsoft release several security issue every
month, most of them are local. What our Remote Vulnerability Scanner
could do is just login in remote Windows host via SMB protocol and do
Registry of file version check. These could be done on some Windows
with SMB username/password provided. But Windows XP with sp2 enhance
the security configuration and block these checking way. So we can not
do local check on Windows XP sp2 except ask customers to do a lot of
complex configuration.
Eeye scanner could not do remote local check too. So I am consider
what can Remote Vulnerability Scanner do? Will this thing disappear in
the future?

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.

--0-1984922602-1139786181=:8318
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8BIT

On Mon, 6 Feb 2006, Alice Bryson wrote:

....
> Eeye scanner could not do remote local check too. So I am consider
> what can Remote Vulnerability Scanner do? Will this thing disappear in
> the future?

Scan for remote vulnerabilities. Scanning for local
vulnerabilities can obviously only be done locally.

Basically you need to have a remote access method before you can
do anything remotely. It might be useful to get a windows version of sshd
or cfengine. Another possibility would be to make the local scanner
executable available on the network, and then have each machine
individually download it and run it locally.

Basically, to check for local vulnerabilities, you need:
1. A deployment process (hopefully simple)
2. An execution process

This is exactly what cfengine was designed to solve in the Unix
world.

--
Kind Regards,
*
Tim Nelson
Server Administrator
*
P: 03 9934 0888
F: 03 9934 0899
E: tim.nelson@webalive.biz
W: www.webalive.biz
*
WebAlive Technologies
Level 1, Innovation Building
Digital Harbour
1010 La Trobe Street
Docklands Melbourne VIC 3008

This email (including all attachments) is intended solely for the named addressee. It is confidential and may contain legally privileged information. If
you receive it in error, please let us know by reply email, delete it from your system and destroy any copies. This email is also subject to copyright. No
part of it should be reproduced, adapted or transmitted without the written consent of the copyright owner.

Emails may be interfered with, may contain computer viruses or other defects and may not be successfully replicated on other systems. We give no
warranties in relation to these matters. If you have any doubts about the authenticity of an email purportedly sent by us, please contact us immediately.

--0-1984922602-1139786181=:8318--