Educause Security Discussion mailing list archives
Nessus And Metasploit
From: "King, Ronald A." <raking () NSU EDU>
Date: Tue, 26 Jan 2010 12:20:59 -0500
There was a discussion not too long ago with regard to NeXpose and Metasploit. Integration between Nessus and Measploit was brought up. As a result, we started discussion it here and wanted to pose some questions to the group. We currently run a Nessus scan on our server networks in the "safe" state once a month and are looking to improve. 1. Does anyone run Nessus with dangerous (possibly crashing services) or all filters enabled? 2. If you have Metasploit and Nessus integrated, is Metasploit exploiting vulnerabilities? 3. If so for either or both, do you worry about taking down production services and/or servers? 4. When do you schedule these exams? Daily, weekly, monthly? Before or after patch Tuesday? Is time given for servers to be patched prior? 5. What kind of comparison's and how are done with previous scans? Thank you in advance. Ronald King Security Engineer Norfolk State University Marie V. McDemmond Center for Applied Research Suite 401 700 Park Ave. Norfolk, Virginia 23504 Phone: 757-823-3918 Fax: 757-823-2128 Email: raking () nsu edu<mailto:raking () nsu edu> http://security.nsu.edu
Current thread:
- Nessus And Metasploit King, Ronald A. (Jan 26)