[Openvas-commits] r3253 - trunk/openvas-compendium
scm-commit at wald.intevation.org
Wed May 6 12:29:41 CEST 2009
Date: 2009-05-06 12:29:40 +0200 (Wed, 06 May 2009)
New Revision: 3253
Made grammar changes and added stronger language cautioning the
OpenVAS user/admin to get permission to scan public/external systems.
--- trunk/openvas-compendium/ChangeLog 2009-05-06 09:53:04 UTC (rev 3252)
+++ trunk/openvas-compendium/ChangeLog 2009-05-06 10:29:40 UTC (rev 3253)
@@ -1,3 +1,10 @@
+2009-05-06 Geoff Galitz <geoff at galitz.org>
+ * openvas-compendium.tex: Edited "Choose Location of Scan-Server"
+ Grammar changes and also added stronger language cautioning the
+ use of OpenVAS against public servers under the assumption that
+ ISPs and contracted organizations may perform such scans.
2009-04-22 Geoff Galitz <geoff at galitz.org>
* openvas-compendium.tex: Edited "Consider Coverage of Available
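Review bot: The rationale in the new entry, "under the assumption that ISPs and contracted organizations may perform such scans", has no counterpart in the openvas-compendium.tex changes of this revision, which mention neither ISPs nor contracted organizations. Either add that case to the document text or reword the entry so that it describes what was actually changed (stronger advice to contact the owners and obtain written permission).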
--- trunk/openvas-compendium/openvas-compendium.tex 2009-05-06 09:53:04 UTC (rev 3252)
+++ trunk/openvas-compendium/openvas-compendium.tex 2009-05-06 10:29:40 UTC (rev 3253)
@@ -295,31 +295,38 @@
\item Target is a public server:
Several tests do follow the very same path
- as various attacks do: from a remote network.
+ as various real attacks do: from a remote network.
If you are only interested in these tests,
- you may use a arbitrary location of your OpenVAS
+ you may use any arbitrary location of your OpenVAS
server outside of the targeted network.
- However, you are advised to contact the
- administration of the target systems beforehand and inform them that you
+ However, you are strongly advised to contact the
+ owners of the target systems beforehand and inform them that you
are planning on running OpenVAS against their machines.
Because OpenVAS will actively look for vulnerabilities on the target
system, a scan will under certain circumstances look like a real attack on
- the target system and might be acted upon legally and/or technically by
- the administration of the system in question.
+ the target system. This may trigger alarms and notifications for the IT
+ staff. You may be held responsible by the
+ system owners. In extreme situations the OpenVAS Server may be
+ blacklisted by the target network and/or legal action taken.
+ It is strongly recommended to get written permission to scan these
+ systems to protect yourself from changes of policy or miscommunication
+ in the management of the target network.
\item Targets are intranet desktops and servers:
In this case you should directly coordinate with
- your system administration.
+ your system administrators and management.
Depending on the complexity of the intranet, you
may need to find out how to reach specific subnets
- from your OpenVAS Server installation. In some cases
- it might be an option to install several OpenVAS Servers.
+ from your OpenVAS Server. In some cases
+ it might be an option or necessary to install several OpenVAS Servers.
For local security checks you need to prepare the target systems
- for remote access. For unixoid systems this is usually via ssh connections,
+ for remote access. For UNIX variants this is usually via SSH connections,
for Windows it is about SMB shares.
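Review bot: In the public-server item, the added advice to "get written permission" does not say from whom, while the surrounding text names three different parties ("owners of the target systems", "IT staff", "the management of the target network"). Suggest stating that the permission must come from the system owners. Two wording points in the same item: "any arbitrary location" is redundant (use "any location" or "an arbitrary location"), and "may be blacklisted by the target network and/or legal action taken" drops its verb and would read better as "and/or legal action may be taken".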