Educause Security Discussion mailing list archives
Re: Vulnerability scanners - what do you use? What seems to be successful for your environment?
From: "Yonesy F. Nunez" <yonesy.nunez () NEWSCHOOL EDU>
Date: Wed, 2 Jun 2010 16:21:03 -0400
Hello, These are valid points, we also use Nexpose in our environment and we find that it is very effective. However, I think you are blending patch level checking with networking facing checks. Back-porting is a large challenge for any scanner. We should keep in mind that patch level scanning isn't quite like a vulnerability scan, though still very helpful, this is an area that they should focus on (natural progression: identify vulnerability --> patch vulnerability). NeXpose is a great place to automate workflows and extract some very good reports, and from a vulnerability scanner perspective, is very good at performing this task. The remediation reports are very comprehensive and the trending aspect is one of my favorite features. Currently, we have automated scans and reports created for custodians of all our systems, they know exactly what they need to do to "remediate" any findings. In the event that there's a false positive/negative we can easily flag the offending plug-in or system until a solution is found (either via an update or a permanent flag on the system). Now, about their AD and LDAP integration, I'd like to see better integration to make the product more seamless. Best regards, Yonesy -- Yonesy F. Nuñez | THE NEW SCHOOL Director, Information Security Office of Information Technology 55 W 13th Street, Rm 705 New York, NY 10011 P| 212.229.5300 x4728 F| 212.647.8211 E|nunezy () newschool edu
If you want to do regular auditing, especially for Windows
systems, or for performing risk assessments, this might not be a bad choice. Not a bad choice is a bit of an understatement here. It is a really excellent choice. I haven't seen a false positive in the Windows scanning part of the product in a long time. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve Brukbacher Sent: Wednesday, June 02, 2010 3:33 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Vulnerability scanners - what do you use? What seems to be successful for your environment? We're running Nexpose currently. It's okay, but not very accurate for Unix systems when evaluating patch levels. Tons of false positives because often times the way admins patch services doesnt' change the version level that the vunl. scanner uses to determine path level. There are things you can do about that, including loading root creds into the vuln. scanner, which I'm not too keen on in general. It does fine for open ports/etc and the reporting is pretty good compared to Nessus. So if you just want to see what the "bad guys" are seeing, I'd just use Nessus. If you want to do regular auditing, especially for Windows systems, or for performing risk assessments, this might not be a bad choice. -- Steve Brukbacher, CISSP University of Wisconsin Milwaukee Information Security Architect UWM Computer Security Web Site www.security.uwm.edu Phone: 414.229.2224 On 5/26/10 12:57 PM, Di Fabio, Andrea wrote:
We have been using OpenVAS since Nessus became commercialized. We are in the process of integrating it with metasploit autopwn. So far the only drawback we have is the lack of built in automated comparison of previous scans with the current one. *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Ullman, Catherine *Sent:* Tuesday, May 25, 2010 11:13 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Vulnerability scanners - what do you use? What seems to be successful for your environment? Greetings! I am beginning to do some research into vulnerability scanners to be used in assessing infrastructure weaknesses here at the University at Buffalo. Im wondering if folks out there might be willing to share with us what theyre using, if anything, and any experiences (good or bad) youve had with any of these products. Many thanks in advance for your assistance. Sincerely, Cathy Catherine J. Ullman Information Security Analyst Information Security Office University at Buffalo cende () buffalo edu <mailto:cende () buffalo edu>
Current thread:
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment?, (continued)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Jon Hanny (May 25)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Alex Jalso (May 25)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Mike Hanson (May 25)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Isac Balder (May 25)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? William C. Moore II (May 25)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Stewart James (May 25)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Di Fabio, Andrea (May 26)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? John Ladwig (May 26)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Steve Werby (May 28)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Steve Brukbacher (Jun 02)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Yonesy F. Nunez (Jun 02)
- Re: Vulnerability scanners - what do you use? What seems to be successful for your environment? Wayne Bullock (Jun 03)