Network Security: Vulnerability Scanner

Implement a means whereby from the ASG you can scan networks for vulnerabilities.

320 votes
Sven shared this idea
david haman shared a merged idea: provide individual scanning on per mac/ per ip address basis

    10 comments

      • Anonymous commented

        Where this MIGHT make sense is to have the UTM scan for traffic that can be identified and grouped according to IPS groupings. It's often hard to know what servers have been installed on various clients on a network. Having the UTM continuously (or periodically) identify such servers (perhaps with a risk ranking applied) would allow admins to readily identify which IPS groupings should be switched on and which might be safe to turn off. Might reduce resource drains on the UTM while assuring admin that they are providing adequate IPS coverage.

      • John Nielsen commented

        As the Astaro product is a Threat Management device, it would be nice to have the ability to run vulnerability scans. Since it runs on a version of Linux, incorporating something like OpenVAS wouldn't be too much of a stretch. However, I can see where it could get painful to manage from a product development standpoint since any vulnerability scanner is incredibly resource intensive. Maybe Astaro can make it part of the Subscription services. If you're willing to pay for the subscription, then activate the console to scan internally and maybe have an Online version to scan the Astaro protected networks. It would be a great selling point for upper management types who want to see proof that the network is protected or have to provide annual audit information.

      • ronet commented

        Last time I checked the Astaro is a UTM, not a firewall/gateway.... upvoted!

      • Pieter van Stokkom commented

        I'm with Bastian Haas on this one. However a possibility to scan incoming (VPN-) traffic could be useful to alert admins to increases of certain types of traffic.

      • Cameron Byers commented

        Would this not be in line with scanning the internal PCs/ Servers for current patch levels in order to identify potential internal threats? As we know many infections of internal systems can occur by laptops or flash drives brought to the office rather than through a perimeter device. Mitigating or identifying the potential victims of those attacks would be useful.

      • Bastian Haas commented

        Sorry, but this kind of feature really doesn't belong in a firewall/gateway product like Astaro.
