Educause Security Discussion mailing list archives

Vulnerability scanning and reporting software

From: David Taylor <ltr () ISC UPENN EDU>
Date: Thu, 1 Nov 2007 12:37:23 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

As everyone else we have various systems on our campus that either provide critical infrastructure, hosts some kind of
sensitive data, etc. We call these Critical Hosts and have a database to keep track of them.

We would like to take a more proactive step in ensuring they are up-to-date with patches (OS and 3rd party), identify
weak passwords and other weaknesses. We are a decentralized campus for the most part and dont have a campus-wide
Active Directory infrastructure.

Our Critical Hosts run various operating systems which include Microsoft Windows, UNIX, Linux and Mac OS X. We are
hoping to find a solution that will be compatible on these platforms and have the ability to send alerts to a central
console so that we can check the status of each system on a monthly (or on demand) basis.

We had eEye Digital come out to give us a presentation on their Retina and REM console. I was hoping that some of you
might have some suggestions for other Vendors that do this type of thing. We would like to get a list together and
compare functionality and cost then maybe evaluate.

We would appreciate any suggestions.

- -------------------------------
David Taylor
University of Pennsylvania
Office of Information Security
215-898-1236
- -------------------------------

The information contained in this e-mail message is intended only for the personal and confidential use of the
recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for
delivering it to the intended recipient, you are hereby notified that you have received this document in error and that
any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this
communication in error, please notify us immediately by e-mail, and delete the original message.

-----BEGIN PGP SIGNATURE-----
Version: 9.6.3 (Build 3017)

wj8DBQFHKgDDrFOwyUiOUlwRAjoIAJ0R6+2sW++4sc+XOw5U9ydrnSSDmwCgqMA9
aPJMDIdd8Ch2QmCoUZ9b/2k=
=UicG
-----END PGP SIGNATURE-----

Attachment: PGPexch.htm.pgp
Description: PGPexch.htm.pgp

Current thread:

Vulnerability scanning and reporting software David Taylor (Nov 01)
- <Possible follow-ups>
- Re: Vulnerability scanning and reporting software Kevin Halgren (Nov 01)
- Re: Vulnerability scanning and reporting software Beasley, Cam (Nov 01)
- Re: Vulnerability scanning and reporting software Ferris, Joe (Nov 01)
- Re: Vulnerability scanning and reporting software David Taylor (Nov 02)
- Re: Vulnerability scanning and reporting software Adam Goldstein (Nov 05)