Educause Security Discussion mailing list archives
Re: Vulnerability Scanning
From: Eric Pancer <epancer () SECURITY DEPAUL EDU>
Date: Mon, 30 Aug 2004 09:46:19 -0500
Walsh, Brian R. (Information Services) wrote on Mon, 2004-08-30 at 09:47:33 -0400...
How frequently and how thoroughly does everyone perform vulnerability scanning?
We do them daily against certain portions of the network, and on-demand against possible compromised machines, etc.
Do you use commercial tools (Qualys, eEye, etc.), free tools (Nessus, etc.), or outside services? Thanks!
Some tools we use are Nessus, Nmap (the version scanning is highly recommended), the metasploit framework, dcetest, nbtscan, the netbios auditing tool, and other custom built scripts. Also, if an exploit appears in public, we normally run it against some portions of our campus, so long as it's a non-destructive exploit. -- Eric Pancer :.: Computer Security Response Team :.: DePaul University http://security.depaul.edu/ .:`:.:':.:`:. epancer () security depaul edu pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Vulnerability Scanning Walsh, Brian R. (Information Services) (Aug 30)
- <Possible follow-ups>
- Re: Vulnerability Scanning Scott Weeks (Aug 30)
- Re: Vulnerability Scanning Daniel Adinolfi (Aug 30)
- Re: Vulnerability Scanning Eric Pancer (Aug 30)
- Re: Vulnerability Scanning Matthew Keller (Aug 30)
- Re: Vulnerability Scanning Info (Aug 30)
- Re: Vulnerability Scanning Bob Gerdes (Aug 30)
- Re: Vulnerability Scanning Daniel Hay (Sep 08)