Educause Security Discussion mailing list archives

Re: Vulnerability Scanners


From: "Ferris, Joe" <jferris () ADMIN FSU EDU>
Date: Fri, 3 Aug 2007 16:07:51 -0400

We have had a lot of success with Rapid7's NeXpose vulnerability
scanner.  NeXpose is an intricate part of our campus client/server audit
program.  One of the main reasons that we purchased the product is that
the built in audit reports save us a lot of time during our audits and
we no longer hand/custom write each section.  I believe this solution
will assess all of the main categories that you mentioned and add other
functionality as well.  Feel free to send me a note off list if you
would like more specifics; use of the scanner, audit program, etc...

Regards,

Joe Ferris
Network Security Engineer
Florida State University
jferris () admin fsu edu 

-----Original Message-----
From: Andy Rivers [mailto:rivers () TENNESSEE EDU] 
Sent: Thursday, August 02, 2007 10:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Vulnerability Scanners

Hello,

We are looking at purchasing a new vulnerability scanner to use on our
security assessments, and I was wondering if anyone could provide insight
to some of the tools that they currently use.  Right now we use a
combination of open source tools and commercial products, but we are not
very happy with the results that we are getting from our commercial
products.

We have three main categories that we assess: database, web, and
workstations/servers.  So we are examining if we will get more accurate
results by having a specialized scanner for each category or if there's a
product out there that will accurately and thoroughly scan all three
categories.  I would be interested in hearing how some of you currently do
your assessments, do you have a separate tool for each one or do you use
the same scanner for all of them?

Also, we are pretty sure that we are going to have to do an RFP for this,
so if anyone has already done a similar RFP and would be willing to share
that would be great.

Thanks in advance for your responses.

Andy Rivers
Senior Security Analyst
Information Security Office
University of Tennessee
(865) 974-2032
rivers () tennessee edu
