Educause Security Discussion
mailing list archives
Re: Penetration Testing
From: "Bradley, Stephen W. Mr." <bradlesw () MIAMIOH EDU>
Date: Wed, 19 Dec 2012 10:38:34 -0500
If you just want a scan Tenable provides the Nessus scan from off-site for $3,600/year. You configure it and run it
when and on what you want. From that information you can see what ports are open and a rough idea of what might be
vulnerable. Then you can dive deeper with other tools or farm it out.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () listserv educause edu] On Behalf Of Willis
Sent: Wednesday, December 19, 2012 9:59 AM
To: SECURITY () listserv educause edu
Subject: Re: [SECURITY] Penetration Testing
Do you actually mean "penetration testing" or do you really want a vulnerability assessment? Or just an external
LOTS of folk will do a Nessus-like scan, possibly rating the vulnerabilities high/medium/low, but very few will go
further and say "your security status is passing/failing".
I don't think "zero defects" is reasonable for higher ed; we're not a bank or military facility. Our job is to
So what do you really want?
----- Original Message -----
Does anyone have any recommendations for companies that do penetration
testing? We are considering bringing in an outside company to do
penetration testing on Lehigh's systems and network and would like
someone with experience in the higher ed domain. Reply here or off-line if you prefer.
Director and CISO
Networking and Information Security
Texas A&M University