[unisog] OS Vuln Scanners

Trevor Odonnal trevoro at byu.edu
Wed Apr 23 17:25:15 GMT 2008


You're correct that Core isn't strictly a vulnerability scanner.  It does much, much more, but it IS a vulnerability assessment tool.  We had several reasons for not going with Core.  But it mainly came down to a cost benefit analysis.  We felt that the added benefits weren't worth the price they were asking.  We've found other methods to obtain what we need without the expense.  We may look into it again later, but for now, we are working pretty well with what we have.

--------------------------------------
Trevor O'Donnal CISSP, CCFS, GREM
Network Security Analyst
Brigham Young University
(801) 422-1477
trevoro at byu.edu

-----Original Message-----
From: unisog-bounces at lists.dshield.org [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Paul Asadoorian
Sent: Wednesday, April 23, 2008 10:50 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] OS Vuln Scanners

Hi Trevor,

I'm not certain what your test criteria was, but Core IMPACT is not a
vulnerability scanner.  I view them as totally separate products/tools.
In fact, Core IMPACT can import results from many popular vulnerability
scanners including Nessus, nCircle, Qualys, etc...

When I worked directly for a university, our strategy was to perform
audits of selected departments/systems using Nessus, and import the
results into Core.  This helped us weed out the false positives, and
gave us a nice starting point to continue the rest of the test.  Core
does a great job reporting, and you don't need exploits to use it. For
example, if we found a weak password you can deploy an agent, etc...

For automated regular scanning we used Nessus and inProtect. I've tried
to continue to use inProtect to help the schools I work with now, but
there are challenges.  It seems new versions are riddled with bugs and
the interface was difficult to administer, and it did not do
authorization the way I wanted it to (i.e. if two or more departments
use the same IP address space you can see each others scan results).

I am looking for something that lets users schedule scans and does authn
and authz to give them access to their reports, preferably via a web
interface.  I've looked at NessusWC, but doesn't look like it does the
privilege thing.  Any suggestions?

Cheers,
Paul

--
Paul Asadoorian, GCIA, GCIH
Senior Network Security Engineer
OSHEAN, Inc.
Phone: 401.829.9552
Web: http://www.oshean.org
Email: paul at oshean.org

PGP Fingerprint: FCB 5334 5966 D3D1 2983  C80D 4DE0 2B8D 98D8 83F5

Trevor Odonnal wrote:
> We use Nessus almost exclusively.  We have tested out several others
> such as Core Impact, but found that Nessus meets our needs for the
> most part.
>
> Trevor O'Donnal CISSP, CCFS, GREM Network Security Analyst Brigham
> Young University (801) 422-1477 trevoro at byu.edu -----Original
> Message----- From: unisog-bounces at lists.dshield.org
> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Kevin Lanning
> Sent: Friday, April 18, 2008 9:49 AM To: UNIversity Security
> Operations Group Subject: [unisog] OS Vuln Scanners
>
> I'd appreciate info from list members regarding best products in this
>  category from your real life experience as a security professional
> in higher ed.
>
> thanks, -- Kevin Lanning, MSIS GSEC CISSP Information Security
> UNC-Chapel Hill ITS Manning, # 2810 lanning at unc
> _______________________________________________ unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
>
> _______________________________________________ unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog






More information about the unisog mailing list