Running a scan on your a system or subnet is only half the battle, some
things detected with nessus you will find to be false positives in
nature. Not that the program is inadequate but most of the checks are
accomplished by simply checking banner information. Scanning is half
the battle the other half is doing the research on what it finds and
determining if it is valid vulnerability. What type of systems do you
plan to scan? if your scanning linux rpm systems be prepared to run rpm
-q to query the actual package versions. Sometimes Nessus can be
misleading however, I find it to be an essential in my line of business.
As for using it I use it on a daily basis in by business. As far as what
was mentioned about snort, these are two different programs used for two
different purposes. Snort is a monitoring tool and Nessus is a testing
tool. I hope that this was of some help and if you have any other
questions don't hesitate to ask
On Tue, 2003-06-03 at 22:45, Thomas A. Ufer wrote:
> Anyone have any experience with this security scanner ? I'm doing some
> research for a job interview and I'd like to hear about implementations,
> tips and tricks, etc.
>
> Thanks.
>
>
>
-- Robert E.Schaefer MCSE CCSP Sr. Engineer CS-Security.Net 727-641-6902 Palm Harbor Fl rschaefer@cs-security.net
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 16:12:49 EDT