Re: Penetration Testing

[Dennis Bolton <bolton () OAKLAND EDU>]

Spider Labs. an affiliate of Trustwave, offers Pen-Test services.

Dennis

On Wed, Dec 19, 2012 at 10:38 AM, Bradley, Stephen W. Mr. <
bradlesw () miamioh edu> wrote:

> If you just want a scan Tenable provides the Nessus scan from off-site for
> $3,600/year.  You configure it and run it when and on what you want.  From
> that information you can see what ports are open and a rough idea of what
> might be vulnerable.  Then you can dive deeper with other tools or farm it
> out.
>
> Thx
> Steve
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () listserv educause edu] On Behalf Of Willis Marti
> Sent: Wednesday, December 19, 2012 9:59 AM
> To: SECURITY () listserv educause edu
> Subject: Re: [SECURITY] Penetration Testing
>
> Do you actually mean "penetration testing" or do you really want a
> vulnerability assessment? Or just an external vulnerability scan?
> LOTS of folk will do a Nessus-like scan, possibly rating the
> vulnerabilities high/medium/low, but very few will go further and say "your
> security status is passing/failing".
>  I don't think "zero defects" is reasonable for higher ed; we're not a
> bank or military facility. Our job is to distribute information.
> So what do you really want?
>
> ----- Original Message -----
> > Does anyone have any recommendations for companies that do penetration
> > testing? We are considering bringing in an outside company to do
> > penetration testing on Lehigh's systems and network and would like
> > someone with experience in the higher ed domain. Reply here or off-line
> if you prefer.
>
> --
> Willis Marti
> Director and CISO
> Networking and Information Security
> Texas A&M University



-- 
Dennis Bolton
Network Security Analyst
Oakland University
2200 N Squirrel Road Rochester MI 48309
248-370-4803