![](/uploads/1/2/5/7/125716983/940378807.jpg)
What you need to know about Qualys asset tracking. Qualys can track assets by one of four methods, three of which are available via scanning. When you scan your network, you can track by IP address, NetBIOS name, or DNS name.
Qualys Appliances do not offer any open ports over which remote management services might be offered. There is no Telnet, SSH, or HTTP/S access.
Under most circumstances, this is of no concern to customers. The Appliance is used via the Qualys web interface that is hosted on Qualys' infrastructure. Assuring operational readiness of the Appliance (such as installing scan engine upgrades, operating system patches, or other upgrades), is done by Qualys.
Console access to the Appliance allows customers to remotely configure the Appliance for tasks that usually require an operator to be physically present in-front of the device, such as:
- change the LAN or WAN port configuration (IP address, DNS, VLAN, etc.);
- change the HTTP/S proxy configuration (new username or password);
- obtain the ACTIVATION CODE during a remote installation.
In short: anything a user can do with the front panel LCD of the Appliance, can also be done over Console access.
With a Console Server users can make the Appliance's Console available over the network.
This article presents how to configure an Avocent Cyclades TS100 to make available the Appliance's Console over Telnet.
1) Use your web browser to access the configuration pages of the TS100
2) go to the Serial Ports configuration
3) load a CAS profile and adjust it
4) save these changes, then go and apply them
5) use your system's Telnet to access the TS100 to edit the getty.conf file
6) set getty to 'off' in /etc/getty.conf
As seen in the screenshot above, you can use vi to edit the file:
vi /etc/getty.conf
Then change to:
GETTY=off
Write the changes to disk and quit:
:wq
Logout from the TS100.
![Print Print](/uploads/1/2/5/7/125716983/648587814.png)
See Step (4) to re-apply the configuration.
7) Telnet to the Console Server port
Caveats:
Access to the console in this example is not secured - it is neither encrypted, nor subject to restricted access. It would be far better to use SSH for this with pre-shared keys.
References:
- see the Scanner Appliance User Guide for more information on the configuration menu of the Appliance
- see also the Avocent Cyclades TS100 Manual
SAN FRANCISCO, April 16, 2018 /PRNewswire/ -- RSA® Conference 2018, Booth #N3815 – Qualys, Inc.QLYS, -2.24% a pioneer and leading provider of cloud-based security and compliance solutions, today announced new functionality in its web application security offerings that helps teams automate and operationalize global DevSecOps throughout the Software Development Lifecycle (SDLC), drastically reducing the cost of remediating application security flaws prior to production.
Qualys Web Application Scanning (WAS) 6.0 now supports Swagger version 2.0, allowing DevOps teams to streamline assessments of REST APIs and get faster visibility of the security posture of mobile application backends and Internet of Things (IoT) services. Additionally, a new native plugin for Jenkins delivers automated vulnerability scanning of web applications for teams using the popular Continuous Integration/Continuous Delivery (CI/CD) tool. In tandem, customers can now leverage the new Qualys Browser Recorder, a free Google Chrome browser extension, to easily review scripts for navigating through complex authentication and business workflows in web applications.
Qualys will showcase these new tools and enhanced functionality during RSA® Conference 2018.
'One of our goals is to perform security testing early in the software development lifecycle and being able to seamlessly integrate scanning into our build environments is key to that,' said Dmitry Tysh, Sr. Software Developer, IT Development, OSIsoft, Inc. 'We are looking forward to using these new capabilities in Qualys WAS to further automate testing of our web apps and APIs.'
'As companies move their internal apps to the cloud and embrace new technologies, web app security must be integrated into the DevOps process to safeguard data and prevent breaches,' said Philippe Courtot, chairman and CEO, Qualys, Inc. 'Qualys is helping customers streamline and automate their DevSecOps through continuous visibility of security and compliance across their applications and REST APIs. With the latest WAS features, customers now can make web application security an integral part of their DevOps processes, avoiding costly security issues in production.'
Qualys WAS 6.0 and new capabilities include:
- Scanning of Swagger-based REpresentational State Transfer (REST) APIs - In addition to scanning Simple Object Access Protocol (SOAP) web services, Qualys WAS now leverages the Swagger specification for testing REST APIs. Users need only ensure the Swagger version 2.0 file (JSON format) is visible to the scanning service, and the APIs will automatically be tested for common application security flaws.
- Jenkins plugin - The Qualys WAS Jenkins plugin empowers DevOps teams to build application vulnerability scans into their existing CI/CD processes. By integrating scans in this manner, application security testing is accomplished earlier in the SDLC to catch and eliminate security flaws thereby significantly reducing the cost of remediation compared to doing so later in the SDLC. Download the plugin here.
- Qualys Browser Recorder – This new Chrome extension allows users to record web browser activity and save the scripts for repeatable, automated testing. Scripts are played back in Qualys WAS, allowing the scanning engine to successfully navigate through complex authentication and business workflows. The Qualys Browser Recorder extension is free and available to anyone (not just Qualys customers) via the Chrome Web Store.
Pricing and Availability Qualys WAS 6.0 is available today as an annual subscription based on the number of web applications. Annual subscriptions start at $1,995.
Additional Resources:
- Follow Qualys on LinkedIn and Twitter
- Read more about the Qualys Cloud Platform
- Read about Qualys Web Application Scanning
About Qualys Qualys, Inc. QLYS, -2.24% is a pioneer and leading provider of cloud-based security and compliance solutions with over 10,300 customers in more than 130 countries, including a majority of each of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes and substantial cost savings. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously, enabling them to automate the full spectrum of auditing, compliance and protection for IT systems and web applications on premises, on endpoints and elastic clouds. Founded in 1999 as one of the first SaaS security companies, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The Company is also a founding member of the Cloud Security Alliance. For more information, please visit www.qualys.com.
Qualys and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.
View original content:http://www.prnewswire.com/news-releases/qualys-brings-web-application-security-to-devops-300630117.html
SOURCE Qualys, Inc.
Copyright (C) 2018 PR Newswire. All rights reserved
From MarketWatch
![](/uploads/1/2/5/7/125716983/940378807.jpg)