[unisog] OS Vuln Scanners

Paul Asadoorian paul at oshean.org
Wed Apr 23 16:50:16 GMT 2008


Hi Trevor,

I'm not certain what your test criteria was, but Core IMPACT is not a 
vulnerability scanner.  I view them as totally separate products/tools. 
In fact, Core IMPACT can import results from many popular vulnerability 
scanners including Nessus, nCircle, Qualys, etc...

When I worked directly for a university, our strategy was to perform 
audits of selected departments/systems using Nessus, and import the 
results into Core.  This helped us weed out the false positives, and 
gave us a nice starting point to continue the rest of the test.  Core 
does a great job reporting, and you don't need exploits to use it. For 
example, if we found a weak password you can deploy an agent, etc...

For automated regular scanning we used Nessus and inProtect. I've tried 
to continue to use inProtect to help the schools I work with now, but 
there are challenges.  It seems new versions are riddled with bugs and 
the interface was difficult to administer, and it did not do 
authorization the way I wanted it to (i.e. if two or more departments 
use the same IP address space you can see each others scan results).

I am looking for something that lets users schedule scans and does authn 
and authz to give them access to their reports, preferably via a web 
interface.  I've looked at NessusWC, but doesn't look like it does the 
privilege thing.  Any suggestions?

Cheers,
Paul

-- 
Paul Asadoorian, GCIA, GCIH
Senior Network Security Engineer
OSHEAN, Inc.
Phone: 401.829.9552
Web: http://www.oshean.org
Email: paul at oshean.org

PGP Fingerprint: FCB 5334 5966 D3D1 2983  C80D 4DE0 2B8D 98D8 83F5

Trevor Odonnal wrote:
> We use Nessus almost exclusively.  We have tested out several others
> such as Core Impact, but found that Nessus meets our needs for the
> most part.
> 
> Trevor O'Donnal CISSP, CCFS, GREM Network Security Analyst Brigham
> Young University (801) 422-1477 trevoro at byu.edu -----Original
> Message----- From: unisog-bounces at lists.dshield.org
> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Kevin Lanning 
> Sent: Friday, April 18, 2008 9:49 AM To: UNIversity Security
> Operations Group Subject: [unisog] OS Vuln Scanners
> 
> I'd appreciate info from list members regarding best products in this
>  category from your real life experience as a security professional
> in higher ed.
> 
> thanks, -- Kevin Lanning, MSIS GSEC CISSP Information Security 
> UNC-Chapel Hill ITS Manning, # 2810 lanning at unc 
> _______________________________________________ unisog mailing list 
> unisog at lists.dshield.org 
> https://lists.sans.org/mailman/listinfo/unisog
> 
> _______________________________________________ unisog mailing list 
> unisog at lists.dshield.org 
> https://lists.sans.org/mailman/listinfo/unisog



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.sans.org/pipermail/unisog/attachments/20080423/72afd518/attachment.bin 


More information about the unisog mailing list