
Nessus gets closed and Sourcefire bought!

n0cmonkey

Elite Member
Nessus 3 will be closed source. Nessus 2 will continue being offered, and plug-ins should be backwards compatible.

Apparently the author didn't like people using the license he chose against the company he created 4 years after creating Nessus. 😛

The famed Fyodor responded with this message. He has some good points and suggestions.

Some people are thinking of a fork.

Check Point Software Technologies to acquire Sourcefire. This shouldn't affect the open snort we all use and love, but :shocked:

Interesting interesting news...
 
hmmm, never heard of nessus before (it's not like I'm a dedicated IT security specialist or anything). I'll have to put it in my Track-It list to check it out! 😀

So let me run this by you:

Let's say I set up a server and set it outside our firewall, on the internet, and have it run a test against all our internet IPs.

Then, how about I set up a second server and put it inside our network and have it run scans on all our internal servers, maybe even all our internal IPs, workstations and everything!

Browse the reports.

...

Profit?

Is this typically how this program is used?
 
posted by legendary hacker fyodor:
When asked why they are making this change, Renaud replied to the
Nessus list today that open source hasn't really worked for Nessus
because "virtually nobody has ever contributed anything to improve the
scanning _engine_ over the last 6 years." This may be the most
important and useful point we can take from this change. Open source
really is a two-way street. The only way we (open source projects)
can seriously compete with projects staffed by dozens or hundreds of
paid full time developers is by having hundreds or thousands of
volunteers each contributing a little bit part time.

This is bad news for OSS and all security people, so if there is an open source tool you use I suggest you contribute to it before it disappears...
 
Originally posted by: Brazen
hmmm, never heard of nessus before (it's not like I'm a dedicated IT security specialist or anything). I'll have to put it in my Track-It list to check it out! 😀

So let me run this by you:

Let's say I set up a server and set it outside our firewall, on the internet, and have it run a test against all our internet IPs.

Then, how about I set up a second server and put it inside our network and have it run scans on all our internal servers, maybe even all our internal IPs, workstations and everything!

Browse the reports.

...

Profit?

Is this typically how this program is used?

You could have one outside your network scan your external IPs, and one inside scan your internal IPs. Toss it on a laptop and it can do both. 😉

It'll scan for vulnerabilities and give you a report on what it found. You then have to track down all of the little things to see if there is really a vulnerability there or not.
 
Originally posted by: n0cmonkey
You could have one outside your network scan your external IPs, and one inside scan your internal IPs. Toss it on a laptop and it can do both. 😉
Well, what I was thinking was... It can probably update on a schedule? And then, maybe I can have it scan on a schedule? like once a month? Then I can collect the reports, make sure no rogue machines have been added to our network, and check for any new vulnerabilities inside our network and from the internet.
 
Originally posted by: Brazen
Originally posted by: n0cmonkey
You could have one outside your network scan your external IPs, and one inside scan your internal IPs. Toss it on a laptop and it can do both. 😉
Well, what I was thinking was... It can probably update on a schedule? And then, maybe I can have it scan on a schedule? like once a month? Then I can collect the reports, make sure no rogue machines have been added to our network, and check for any new vulnerabilities inside our network and from the internet.

As long as the machine outside the network can reach the machines inside the network, it should work just fine.

I'm not sure how cronable it is though, I've only tried the X11 client.
 
Originally posted by: n0cmonkey
As long as the machine outside the network can reach the machines inside the network, it should work just fine.

Well, actually that is why I said earlier to have one machine outside the network and one machine inside the network (as opposed to trucking it on a laptop). I suppooooose I could put two NICs in it, one outside the network and one inside, buuuuuut I don't like that idea. 😉
 
Originally posted by: Brazen
Originally posted by: n0cmonkey
As long as the machine outside the network can reach the machines inside the network, it should work just fine.

Well, actually that is why I said earlier to have one machine outside the network and one machine inside the network (as opposed to trucking it on a laptop). I suppooooose I could put two NICs in it, one outside the network and one inside, buuuuuut I don't like that idea. 😉

I know that's what you said, but I assumed NAT. 😛
 
Originally posted by: Atheus
This is bad news for OSS and all security people, so if there is an open source tool you use I suggest you contribute to it before it disappears...
Well, all software is really an "organic" creation. Stop watering and feeding it, and it will die. You can water with money, to pay for someone else's labor, or water with your own labor, but it must be looked after regardless.
 