Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Penetration Testing
From: "Bradley, Stephen W. Mr." <bradlesw () MIAMIOH EDU>
Date: Wed, 19 Dec 2012 10:38:34 -0500

If you just want a scan Tenable provides the Nessus scan from off-site for $3,600/year.  You configure it and run it 
when and on what you want.  From that information you can see what ports are open and a rough idea of what might be 
vulnerable.  Then you can dive deeper with other tools or farm it out.


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () listserv educause edu] On Behalf Of Willis 
Sent: Wednesday, December 19, 2012 9:59 AM
To: SECURITY () listserv educause edu
Subject: Re: [SECURITY] Penetration Testing

Do you actually mean "penetration testing" or do you really want a vulnerability assessment? Or just an external 
vulnerability scan?
LOTS of folk will do a Nessus-like scan, possibly rating the vulnerabilities high/medium/low, but very few will go 
further and say "your security status is passing/failing".
 I don't think "zero defects" is reasonable for higher ed; we're not a bank or military facility. Our job is to 
distribute information.
So what do you really want?

----- Original Message -----

Does anyone have any recommendations for companies that do penetration 
testing? We are considering bringing in an outside company to do 
penetration testing on Lehigh's systems and network and would like 
someone with experience in the higher ed domain. Reply here or off-line if you prefer.

Willis Marti
Director and CISO
Networking and Information Security
Texas A&M University

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]