Re: OS Vuln Scanners

[Han Lievens <han.lievens () MAIL CUNY EDU>]

We use eEye Retina for scheduled scans and reporting - runs on Windows
only and non-customizable reports.
I use Nessus for concentrated scanning for more detail and file
content checking - awesome.

We are also in the process of deploying Core Impact for pen-testing
select "probably vulnerable" machines - runs on Windows XP and Vista
only.

What is up with all these Windows-only security apps??

Han.

Han Lievens
Information Security Office
The City University of New York
555 West 57th St., 16th Floor
New York, NY 10019
(212)541-0353
http://security.cuny.edu

On Apr 18, 2008, at 5:17 PM, Brian Epstein wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> For us it is primarily Nessus.  It is great and the price is right.  I
> used Core Security's Core Impact for a number of years.  It is very
> nice, but the price is definitely not comparable to Nessus.
>
> If you are looking for advanced pen testing, Metasploit's Framework
> has
> worked very nicely.  Again, pricepoint is ideal.
>
> Thanks,
> Brian
>
> - --
> Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
> Network and Security Officer            Institute for Advanced Study
> Key fingerprint = 128A 38F4 4CFA 5EDB 99CE  4734 6117 4C25 0371 C12A
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iD8DBQFICQ/PYRdMJQNxwSoRAkv3AKCcs3y6Eu/8MQVln8zr5Z2W4dUMBQCfRdWV
> hk7zZGg//m5xZJJ8VHEty+o=
> =SfWx
> -----END PGP SIGNATURE-----