Educause Security Discussion mailing list archives
Re: Pre-Scan or Scan-After
From: Sarah Stevens <sarah () STEVENS-TECHNOLOGIES COM>
Date: Tue, 13 Sep 2005 12:31:49 -0600
I don't believe that this is an all or nothing decision. Is this a post incident recovery, or an initial connection of a new server? First, make sure that the system is properly patched with OS vendor and application vendor patches. You will want to run tools, etc to check for the latest patches. Once you have all of the patches in place, you can run Nessus or another scanner to determine if there are any of the common vulnerabilities that they detect. There are many other levels of vulnerability testing that can be completed, based upon your environment, your hardware, and your software. Once you feel pretty comfortable that your box is secure as a stand alone system, you should connect it to the network and perform additional scanning. I would say that this scanning should be completed both inside the company firewall and outside the company firewall. To do no scanning prior to plugging the system into the network is a huge mistake in my mind. There are scans that occur on every network looking for machines that are vulnerable to various attacks. Within minutes of "plugging in", someone else is going to find your vulnerability. This would happen well before you could complete your scanning and react appropriately. Hope this helps. Sincerely, Sarah E Stevens
This is a multi-part message in MIME format. We are in the process of deciding on scanning for vulnerabities after
connection (having went through the necessary authorization and authentication) to the network opposed to pre-scanning for them. We are seeking best practices of those that have chosen this route. In addition we would like those that chose to pre-scan to share with us why you made that decision.
We would appreciate your sharing with us.... If you have chosen to scan-after can you give me a url to you process? Can you share any insight into your arriving at that decision? If you chose to pre-scan, what were your deciding factors? thanks, tn Thomas R. Neiss Director of Telecommunications University at Albany State University of New York 1400 Washington Avenue MSC 209 Albany, NY 12222 tneiss () uamail albany edu (518) 437-3803 (518) 437-3810 (FAX)
--
Current thread:
- Pre-Scan or Scan-After Tom Neiss (Sep 13)
- <Possible follow-ups>
- Re: Pre-Scan or Scan-After Sarah Stevens (Sep 13)
- Re: Pre-Scan or Scan-After Scholz, Greg (Sep 13)
- Re: Pre-Scan or Scan-After Chad McDonald (Sep 14)