Educause Security Discussion mailing list archives
Re: Vulnerability Scanning
From: Daniel Adinolfi <dra1 () CORNELL EDU>
Date: Mon, 30 Aug 2004 10:36:40 -0400
On Aug 30, 2004, at 09:47, Walsh, Brian R. (Information Services) wrote:
How frequently and how thoroughly does everyone perform vulnerability scanning? Do you use commercial tools (Qualys, eEye, etc.), free tools (Nessus, etc.), or outside services? Thanks!
Cornell has a site license for ISS. We offer a scanning service to campus through two models. The first model is where a local support provider (or Audit Office) asks the Security Office to scan certain subnets or systems for them. The second model is where we cut keys for local support providers to allow them to scan their own subnets and systems whenever they wish. This allows us to support both the high-end and low-end technical folk on campus. We also use nessus for scripted scanning on our ResNet and whenever we want more than just ISS. There are a bunch of other scanning tools we will use depending on the situation, as well. nmap is a tool we use daily, for example. Currently, I am evaluating a tool called AppDetective for scanning databases and web servers, which seems pretty useful so far. -Dan _________________ Daniel Adinolfi, CISSP Senior Security Engineer, IT Security Office Cornell University - Office of Information Technologies email: dra1 () cornell edu phone: 607-255-7657 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Vulnerability Scanning Walsh, Brian R. (Information Services) (Aug 30)
- <Possible follow-ups>
- Re: Vulnerability Scanning Scott Weeks (Aug 30)
- Re: Vulnerability Scanning Daniel Adinolfi (Aug 30)
- Re: Vulnerability Scanning Eric Pancer (Aug 30)
- Re: Vulnerability Scanning Matthew Keller (Aug 30)
- Re: Vulnerability Scanning Info (Aug 30)
- Re: Vulnerability Scanning Bob Gerdes (Aug 30)
- Re: Vulnerability Scanning Daniel Hay (Sep 08)