Educause Security Discussion mailing list archives

Re: Pre-Scan or Scan-After

From: Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>
Date: Tue, 13 Sep 2005 12:31:49 -0600

I don't believe that this is an all or nothing decision.  Is this a
post incident recovery, or an initial connection of a new server?
First, make sure that the system is properly patched with OS vendor and
application vendor patches.  You will want to run tools, etc to check
for the latest patches.

Once you have all of the patches in place, you can run Nessus or
another scanner to determine if there are any of the common
vulnerabilities that they detect.

There are many other levels of vulnerability testing that can be
completed, based upon your environment, your hardware, and your
software.

Once you feel pretty comfortable that your box is secure as a stand
alone system, you should connect it to the network and perform
additional scanning.  I would say that this scanning should be
completed both inside the company firewall and outside the company
firewall.

To do no scanning prior to plugging the system into the network is a
huge mistake in my mind.  There are scans that occur on every network
looking for machines that are vulnerable to various attacks.  Within
minutes of "plugging in", someone else is going to find your
vulnerability.  This would happen well before you could complete your
scanning and react appropriately.

Hope this helps.

Sincerely,

Sarah E Stevens

This is a multi-part message in MIME format.


We are in the process of deciding on scanning for vulnerabities after

connection (having went  through the necessary authorization and
authentication) to the network opposed to pre-scanning for them.  We
are seeking best practices of those that have chosen this route.  In
addition we would like those that chose to pre-scan to share with us
why you made that decision.


We would appreciate your sharing with us....

If you have chosen to scan-after can you give me a url to you process?
Can you share any insight into your arriving at that decision?
If you chose to pre-scan, what were your deciding factors?
thanks,
tn

Thomas R. Neiss
Director of Telecommunications
University at Albany
State University of New York
1400 Washington Avenue MSC 209
Albany, NY 12222
tneiss () uamail albany edu
(518) 437-3803
(518) 437-3810 (FAX)

--

Current thread:

Pre-Scan or Scan-After Tom Neiss (Sep 13)
- <Possible follow-ups>
- Re: Pre-Scan or Scan-After Sarah Stevens (Sep 13)
- Re: Pre-Scan or Scan-After Scholz, Greg (Sep 13)
- Re: Pre-Scan or Scan-After Chad McDonald (Sep 14)