Educause Security Discussion mailing list archives
Re: Vulnerability scanning and reporting software
From: David Taylor <ltr () ISC UPENN EDU>
Date: Fri, 2 Nov 2007 10:05:14 -0400
Thanks for all of the responses for this. It was very helpful. I may be contacting some of you directly for more detailed information. ------------------------------- David Taylor University of Pennsylvania Office of Information Security 215-898-1236 ------------------------------- From: David Taylor [mailto:ltr () ISC UPENN EDU] Sent: Thursday, November 01, 2007 12:37 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Vulnerability scanning and reporting software Hi all, As everyone else we have various systems on our campus that either provide critical infrastructure, hosts some kind of sensitive data, etc. We call these 'Critical Hosts' and have a database to keep track of them. We would like to take a more proactive step in ensuring they are up-to-date with patches (OS and 3rd party), identify weak passwords and other weaknesses. We are a decentralized campus for the most part and don't have a campus-wide Active Directory infrastructure. Our 'Critical Hosts' run various operating systems which include Microsoft Windows, UNIX, Linux and Mac OS X. We are hoping to find a solution that will be compatible on these platforms and have the ability to send alerts to a central console so that we can check the status of each system on a monthly (or on demand) basis. We had eEye Digital come out to give us a presentation on their Retina and REM console. I was hoping that some of you might have some suggestions for other Vendors that do this type of thing. We would like to get a list together and compare functionality and cost then maybe evaluate. We would appreciate any suggestions. ------------------------------- David Taylor University of Pennsylvania Office of Information Security 215-898-1236 ------------------------------- The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message.
Current thread:
- Vulnerability scanning and reporting software David Taylor (Nov 01)
- <Possible follow-ups>
- Re: Vulnerability scanning and reporting software Kevin Halgren (Nov 01)
- Re: Vulnerability scanning and reporting software Beasley, Cam (Nov 01)
- Re: Vulnerability scanning and reporting software Ferris, Joe (Nov 01)
- Re: Vulnerability scanning and reporting software David Taylor (Nov 02)
- Re: Vulnerability scanning and reporting software Adam Goldstein (Nov 05)