I'm a bit saddened that the discussion of hardening nessus against malicious scan targets attempting to compromise the scanner with creative answers to the scan packets wasn't more closely intertwined with the OS support section of the interview.

Because I worry about such things quite frequently with our IDS systems, logging infrastructure, etc. (and because I prefer freer licenses like are typical on *BSD for many of the reasons that Ron Gula touched upon), I tend to use OpenBSD as the base for most of our security appliances. Their proactive hardening has real value for me.

FreeBSD is almost as good a base for us, but not quite. The difference is great enough that I'm unlikely to be able to use Nessus 3 unless it will run on OpenBSD.

Its something of a bummer, because I'd really rather swing the money for a commercial support contract than continue to use Nessus 2.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/371/32754#32754