Educause Security Discussion mailing list archives
Re: Shodan value
From: "Dixon, Cameron" <cameron.dixon () HQ DHS GOV>
Date: Mon, 31 Jul 2017 18:37:14 +0000
I'm really real: really from the government and really here to help! I'll also point out that the message Valerie Vogel sent earlier today ("Cybersecurity for Higher Ed Fact Sheet from the REMS TA Center") includes a link to a PDF [1] that calls attention to our services; see pg. 6. Additionally, the Department of Education's Office of Educational Technology just published "Building Technology Infrastructure for Learning" [2] which cites our service, see pg. 40. It's certainly not my intent to hawk like a vendor, merely to increase awareness of our offerings. Valerie wrote:
You guys willing to work with a university that says "We have 2 /16's, but we're only really worried about these 12 /24's in that space?" Also, do you do IPv6? :)
No issue taking on multiple /16s, and if you're only interested in a subset, you're welcome to just include those addresses in our scan. [1] http://rems.ed.gov/docs/Cybersecurity_Considerations_for_Higher_ed_Fact_Sheet_508C.pdf [2] https://tech.ed.gov/infrastructure/ Cameron Dixon Department of Homeland Security National Cybersecurity Assessments and Technical Services -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Wilcox Sent: Friday, July 28, 2017 9:08 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Shodan value On 28 July 2017 at 01:53, Cameron Dixon <cameron.dixon () hq dhs gov> wrote:
Hello there, new listserv-er here. I'm the ops lead for the DHS NCATS scanning service mentioned previously-- a colleague of mine alerted me to this discussion, so I hope you'll forgive the interjection. Cyber Hygiene, our service that scans internet-facing systems, is (basically) available to all comers, and the https://github.com/dhs-ncats/services link outlines the contours of the service decently-- I'm also happy to answer any questions you might have.
<snip> Wait a second, let me get this right. There's an entity offering a service and you represent that entity...so you're basically a vendor...but you don't reference Gartner whitepapers, you don't mention being a leader in the Magic Quadrant or "best in breed/class" and you aren't going on about how your "next gen scanning service" can detect all the things and help identify problems with machine learning/next gen AI/etc. Does anyone know if Cameron and this "DHS" actually exist or is this an elaborate Sys-Admin Day hoax to Rick-roll everyone visiting their github project? Seriously, welcome to the group. I don't know if/when the SPC program committee will hit you up to be in Baltimore, or if any schools who are using the service are interested in presenting about their experiences, but I know *I* would certainly try to go to a presentation by <x schools> and the ops lead for a .gov vulnerability scanning service. kmw
Current thread:
- Re: Shodan value, (continued)
- Re: Shodan value Andre DiMino (Jul 20)
- Re: Shodan value Nicholas Garigliano (Jul 21)
- Re: Shodan value Andre DiMino (Jul 24)
- Re: Shodan value Andre DiMino (Jul 20)
- Re: Shodan value Rich Graves (Jul 20)
- Re: Shodan value Reyor, William F. (Jul 20)
- Re: Shodan value Valdis Kletnieks (Jul 20)
- Re: Shodan value Reyor, William F. (Jul 20)
- Re: Shodan value Kevin Wilcox (Jul 28)
- Re: Shodan value Ashley Penchion (Jul 28)
- Re: Shodan value Dixon, Cameron (Jul 31)
- Re: Shodan value Valdis Kletnieks (Jul 28)