[unisog] Re: Nessus Scanning

Jens Haeusser jens.haeusser at ubc.ca
Mon May 10 17:00:21 GMT 2004


Matt Crawford wrote:

> We scan with the whole site with nessus, but only for the most 
> critical vulnerabilities.  There hasn't been a problem.  Giving a 
> Windows or IRIX machine the works with nessus can choke it, so we 
> provide two nessus servers (one inside, one outside the perimeter) to 
> which registered sysadmins can authenticate (via kx509 certificate) 
> and scan those systems for which they are a registered admin with any 
> plugins they choose, on their own schedule.

I know that many of you scan with a subset of the Nessus plugins- which 
do you consider the most critical? Do any of you keep the list updated 
on a website somewhere?

We have been using single-vulnerability scanners (like 007scan, or 
Foundstone's DSScan) for broad scans, but we've been looking at moving 
everything into Nessus, which we currently use for full, targeted scans.

Jens Haeusser
Manager, Information Security Office
University of British Columbia



More information about the unisog mailing list