Educause Security Discussion mailing list archives
Re: Vulnerability Scanning
From: Daniel Hay <danny () DREXEL EDU>
Date: Wed, 8 Sep 2004 23:58:45 -0400
Bob,

We use NeVO in conjunction with the Lightning Console. It's a great tool; it's allowed us to find numerous compromised systems that we would have had no chance of finding without it. Basically NeVO caught the periodic command shells popping up at odd times during the day/night; catching these ports open with a regular scan would have been impossible.

We're logging snort alerts to the Lightning Console as well as the NeVO and Nessus data; this gives us some decent correlation to work with. Since we're beta testing NeVO 2.0 I've started working on taking the correlation one step further by porting various snort signatures into NeVO signatures. This lets me refine the snort rules within NeVO; this allows me to have a somewhat lax snort rule to keep a broad eye on what is going on, but at the same time if the NeVO rules fire then the host who tripped the alert is without a doubt compromised/busted :)

Feel free to drop me a line off-list if you'd like to talk about the product some more. I'd also be happy to pass your info over to the guys at Tenable if you would like to get into pricing info etc.

--
Daniel Hay
Network Security Engineer
Drexel University

On Aug 30, 2004, at 11:05 AM, Bob Gerdes wrote:
Does anyone on this list use NeVO? This website (http://www.tenablesecurity.com/nevo.html) provides a brief description for how this passive vulnerability scanner operates 24x7.

If so, can you briefly highlight how it is working for you? And if you are using it in conjunction with regular Nessus scans or IDS data?

Thank you,
Bob

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Vulnerability Scanning Walsh, Brian R. (Information Services) (Aug 30)
- <Possible follow-ups>
- Re: Vulnerability Scanning Scott Weeks (Aug 30)
- Re: Vulnerability Scanning Daniel Adinolfi (Aug 30)
- Re: Vulnerability Scanning Eric Pancer (Aug 30)
- Re: Vulnerability Scanning Matthew Keller (Aug 30)
- Re: Vulnerability Scanning Info (Aug 30)
- Re: Vulnerability Scanning Bob Gerdes (Aug 30)
- Re: Vulnerability Scanning Daniel Hay (Sep 08)