Educause Security Discussion mailing list archives
Re: Vulnerability scanners - what do you use? What seems to be successful for your environment?
From: Isac Balder <piis8 () YAHOO COM>
Date: Tue, 25 May 2010 10:20:36 -0700
Catherine, While the scanner itself is important. Don't forget things like who will be running it? How will it be implemented? What built-in reporting does it have? There is also the type of scanner. Classic Vulnerability vs Web App vs exploitation. For your typical vulnerability scan on operating systems I use Nessus. The scan engine and user client (now one package in 4.2) are free. If you want to test drive it you can use the Home feed. For real use the Professional feed is $1200 a year. The Professional feed also unlocks several other scanning features.If you are you are looking at one to two scan engines and very few admins this is a very economical approach. Built-in reporting is a weakness, but with some scripting can be very powerful.If you are looking at many scan engines you may also consider the Security Center package for management. Not sure what list price for that is. Also looking to integrate more scanning with Metasploit. However this is full exploitation and must be used with the utmost care. Not doing web app scanning yet. To really be effective with web app scanning you really need to be embedded in the application development lifecycle. I.B. "top posting cause yahoo makes me..." --- On Tue, 5/25/10, Ullman, Catherine <cende () BUFFALO EDU> wrote: From: Ullman, Catherine <cende () BUFFALO EDU> Subject: [SECURITY] Vulnerability scanners - what do you use? What seems to be successful for your environment? To: SECURITY () LISTSERV EDUCAUSE EDU Date: Tuesday, May 25, 2010, 11:12 AM Greetings! I am beginning to do some research into vulnerability scanners to be used in assessing infrastructure weaknesses here at the University at Buffalo. I’m wondering if folks out there might be willing to share with us what they’re using, if anything, and any experiences (good or bad) you’ve had with any of these products. Many thanks in advance for your assistance. Sincerely,Cathy Catherine J. UllmanInformation Security AnalystInformation Security OfficeUniversity at Buffalocende () buffalo edu
Current thread:
- Vulnerability scanners - what do you use? What seems to be successful for your environment? Ullman, Catherine (May 25)
- <Possible follow-ups>
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Jon Hanny (May 25)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Alex Jalso (May 25)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Mike Hanson (May 25)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Isac Balder (May 25)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? William C. Moore II (May 25)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Stewart James (May 25)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Di Fabio, Andrea (May 26)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? John Ladwig (May 26)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Steve Werby (May 28)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Steve Brukbacher (Jun 02)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Yonesy F. Nunez (Jun 02)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Wayne Bullock (Jun 03)