06-10-2008 09:30 PM
Hi,
Is Cisco MARS able to do vulnerability and security assessment of host (server) and network devices like, for example, Nessus?
Thank you.
Best regards.
Massimiliano.
06-11-2008 03:24 AM
The Cisco MARS has Nessus signatures built into it, which it can use to scan end hosts. Please have a look at this link:
http://cio.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/mars/4_3/uglc/cfgover.htm#wp1248893
"Vulnerability Assessment
Host OS and Patch Level. When a signature fires on an IDS and it is reported to MARS, MARS can either launch a targeted scan using Nessus, or query a vulnerability assessment system that helps determine whether the target was vulnerable."
http://cio.cisco.com/univercd/cc/td/doc/product/vpn/ciscosec/mars/4_3/uglc/cfgover.htm#wp1173849
Regards
Farrukh
06-26-2008 08:39 AM
I read the notes regarding the automated scan performed when IDS events are reported, but I'd like to know if the vulnerability scan can be manually triggered for the hosts/networks I'd like to check. There should be some method (at least from the command line)...
06-26-2008 08:56 AM
There seems to be no such command:
Why don't you want to use Nessus (which is free and open source itself) instead? Just wondering?
Regards
Farrukh
06-26-2008 09:29 AM
Hi,
Some customers (who tend to put security ahead of costs) are generally more happy to allow Cisco boxes onto their premises compared to untrusted open-source stuff.
Regards,
Joe
06-26-2008 01:21 PM
Well, the trusted/untrusted debate is quite controversial and 'relative' from person to person, so I prefer not to delve into that :). Especially since Cisco is using the 'same' signatures in MARS.
Anyway thanks for the clarification.
Regards
Farrukh
06-26-2008 09:34 AM
Sorry, I forgot: cost is also a factor. I currently need more HW in order to run Nessus scans when I've already got it in the MARS appliance!
Regards, Joe
06-26-2008 01:59 PM
My understanding is that MARS does very limited checks, and it's almost guaranteed to be way out of date. You can't even get updates to Nessus for free anymore.