[unisog] OS Vuln Scanners

Nipper, Johnny R. Nipperj at uncw.edu
Wed May 7 17:14:42 GMT 2008


Hello all,

We are a new security department in the beginning stages of discovering vulnerabilities as well as rogue servers on our network.  We are discovering as we go and learning from our mistakes.  One issue we are tackling is departmental servers outside of our central IT.  We do not have a comprehensive list of every system.  I have been using different techniques for discovering servers and working with each administrator individually to do routine scans.  Recently we began running Nessus on the entire network one subnet at a time.  During this time, systems have crashed with our "safe scan" option set.  This undoubtedly helps us discover systems as well as vulnerabilities, but in the meantime this causes issues.  We would like to notify departmental administrators prior to each scan.  Our issue is, we did not previously know about these systems.

We have already sent out a communiqué with a protocol for every administrator to run scans on their system and report them to the security department.  The ones that are having issues now are systems that were not disclosed during our initial request several months ago.  

How would everyone tackle this situation?  Would you send out a communication to the entire campus in advance for all scans?  When would you run your scans?  Do you make this part of your change control procedure?  Any help would be very appreciated.

Thanks,
Johnny


-----Original Message-----
From: unisog-bounces at lists.dshield.org [mailto:unisog-bounces at lists.dshield.org] On Behalf Of BACHAND, Dave (Info. Tech. Services)
Sent: Wednesday, April 23, 2008 10:17 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] OS Vuln Scanners

Hello-

We use Nessus to scan the entire university frequently.  The freeware
version is the same as the paid commercial version, except that the
signatures are delayed on the free one.  All that said, it's an
extremely useful tool, and is not very hard to use.

One thing I like is the "safe checks" flag.  I.e., for Internet-facing
services, we probe it more harshly, whereas for more protected services
we can scale back the aggressiveness.  But beware that "safe checks off"
can and will wax a weakly configured system. :-)


++++++++++++++++++++++++++++++++++ 
Dave Bachand 
Data Network Manager 
Information Technology Services 
Eastern Connecticut State University 
83 Windham Street 
Willimantic, CT 
Tel. (860)465-5376 
++++++++++++++++++++++++++++++++++ 



-----Original Message-----
From: unisog-bounces at lists.dshield.org
[mailto:unisog-bounces at lists.dshield.org] On Behalf Of Kevin Lanning
Sent: Friday, April 18, 2008 11:49 AM
To: UNIversity Security Operations Group
Subject: [unisog] OS Vuln Scanners

I'd appreciate info from list members regarding best products in this
category from your real life experience as a security professional in
higher ed.

thanks,
--
Kevin Lanning, MSIS GSEC CISSP
Information Security
UNC-Chapel Hill
ITS Manning, # 2810
lanning at unc
_______________________________________________
unisog mailing list
unisog at lists.dshield.org
https://lists.sans.org/mailman/listinfo/unisog
