Educause Security Discussion mailing list archives

Pre-Scan or Scan-After

From: Tom Neiss <TNeiss () UAMAIL ALBANY EDU>
Date: Tue, 13 Sep 2005 14:05:49 -0400

We are in the process of deciding on scanning for vulnerabities after connection (having went  through the necessary 
authorization and authentication) to the network opposed to pre-scanning for them.  We are seeking best practices of 
those that have chosen this route.  In addition we would like those that chose to pre-scan to share with us why you 
made that decision.

We would appreciate your sharing with us....

If you have chosen to scan-after can you give me a url to you process?
Can you share any insight into your arriving at that decision?
If you chose to pre-scan, what were your deciding factors?
thanks,
tn

Thomas R. Neiss
Director of Telecommunications 
University at Albany
State University of New York
1400 Washington Avenue MSC 209
Albany, NY 12222
tneiss () uamail albany edu
(518) 437-3803
(518) 437-3810 (FAX)

Current thread:

Pre-Scan or Scan-After Tom Neiss (Sep 13)
- <Possible follow-ups>
- Re: Pre-Scan or Scan-After Sarah Stevens (Sep 13)
- Re: Pre-Scan or Scan-After Scholz, Greg (Sep 13)
- Re: Pre-Scan or Scan-After Chad McDonald (Sep 14)