Educause Security Discussion mailing list archives
Re: Penetration Testing
From: "Michael J. Kenney" <m.kenney () USCIENCES EDU>
Date: Thu, 28 Feb 2013 10:48:14 -0500
We just switched from Tenable Perimeter Service to Qualys. They have a great educational discount, which cuts down the cost. Also, the reporting is 100% better because there is actual reporting. Michael -- Michael Kenney Information Security Officer IT Department University of the Sciences 600 S. 43rd St. Philadelphia, PA 19104 215-596-7403 Office m.kenney () usciences edu<mailto:m.kenney () usciences edu> | www.usciences.edu<http://www.usciences.edu/> USciences: Where healthcare and science converge -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jamie A. Stapleton Sent: Thursday, February 28, 2013 10:34 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Penetration Testing $3,600/year works well if you have a lot of IPs. For smaller scans, you might want to check out https://purecloud.ncircle.com/, which starts at $50/IP/year. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bradley, Stephen W. Mr. Sent: Wednesday, December 19, 2012 10:39 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Penetration Testing If you just want a scan Tenable provides the Nessus scan from off-site for $3,600/year. You configure it and run it when and on what you want. From that information you can see what ports are open and a rough idea of what might be vulnerable. Then you can dive deeper with other tools or farm it out. Thx Steve -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () listserv educause edu] On Behalf Of Willis Marti Sent: Wednesday, December 19, 2012 9:59 AM To: SECURITY () listserv educause edu Subject: Re: [SECURITY] Penetration Testing Do you actually mean "penetration testing" or do you really want a vulnerability assessment? Or just an external vulnerability scan? LOTS of folk will do a Nessus-like scan, possibly rating the vulnerabilities high/medium/low, but very few will go further and say "your security status is passing/failing". I don't think "zero defects" is reasonable for higher ed; we're not a bank or military facility. Our job is to distribute information. So what do you really want? ----- Original Message -----
Does anyone have any recommendations for companies that do penetration
testing? We are considering bringing in an outside company to do
penetration testing on Lehigh's systems and network and would like
someone with experience in the higher ed domain. Reply here or off-line if you prefer.
-- Willis Marti Director and CISO Networking and Information Security Texas A&M University
Current thread:
- Re: Penetration Testing Jamie A. Stapleton (Feb 28)
- Re: Penetration Testing Michael J. Kenney (Feb 28)