Educause Security Discussion
mailing list archives
Re: Penetration Testing
From: Dennis Bolton <bolton () OAKLAND EDU>
Date: Wed, 19 Dec 2012 10:58:00 -0500
Spider Labs. an affiliate of Trustwave, offers Pen-Test services.
On Wed, Dec 19, 2012 at 10:38 AM, Bradley, Stephen W. Mr. <
bradlesw () miamioh edu> wrote:
If you just want a scan Tenable provides the Nessus scan from off-site for
$3,600/year. You configure it and run it when and on what you want. From
that information you can see what ports are open and a rough idea of what
might be vulnerable. Then you can dive deeper with other tools or farm it
From: The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () listserv educause edu] On Behalf Of Willis Marti
Sent: Wednesday, December 19, 2012 9:59 AM
To: SECURITY () listserv educause edu
Subject: Re: [SECURITY] Penetration Testing
Do you actually mean "penetration testing" or do you really want a
vulnerability assessment? Or just an external vulnerability scan?
LOTS of folk will do a Nessus-like scan, possibly rating the
vulnerabilities high/medium/low, but very few will go further and say "your
security status is passing/failing".
I don't think "zero defects" is reasonable for higher ed; we're not a
bank or military facility. Our job is to distribute information.
So what do you really want?
----- Original Message -----
Does anyone have any recommendations for companies that do penetration
testing? We are considering bringing in an outside company to do
penetration testing on Lehigh's systems and network and would like
someone with experience in the higher ed domain. Reply here or off-line
if you prefer.
Director and CISO
Networking and Information Security
Texas A&M University
Network Security Analyst
2200 N Squirrel Road Rochester MI 48309