

VPNScan: Extending the Audit and Compliance Perimeter

Abstract
These approaches are not taken in this first deployment and are not planned for the immediate future, for several reasons. First, in the applications described above, scanning would not ensure compliance with any written policy, so the reason for doing it at all becomes tenuous. Second, the volume of data would be unreasonably large; any deployment along these lines would need a much better method of organizing data. Most likely a MySQL database would be required, with a web front-end. Finally, the triggers for alerting would be much harder to arrive at: the default services.deny file used by VPNSCAN would trigger on every scan for these expanded applications. These applications are exactly what the competing NAC and NAP frameworks are meant to deal with, and while there is widespread interest in both products, the up-front costs involved in deployment have limited actual installations.