You also need to be wary of the systems you are scanning. If you have legacy systems or custom services on your network they may not react well to the scans.
When will you conduct the scanning? You may want to time it best so you can react to outages. A whole mess of things to consider. If you have a person with a security related-degree or has done work like this bring them in. It is more complicated than just "running a scan". Ryan Peck On Fri, May 17, 2013 at 9:12 PM, unix_fan <[email protected]> wrote: > Not on that one in particular but .... > The scanners are the easy part, all vendors have solid offerings. > The giant database of stuff you'll capture is where you should focus your > scrutiny. > > Food for thought: > How many IPs will you scan (almost all Enterprise grade solutions are > licensed per IP)? > How long do you want to keep the data? > Do you really plan on doing credentialed scanning? > > Does the system do rudimentary login attempts? > Yes, you will be amazed at the lameness you'll find. > > ------------------------------ > *From:* Stephan Fabel <[email protected]> > *To:* [email protected] > *Sent:* Friday, May 17, 2013 1:54 PM > *Subject:* [lopsa-tech] security scanning tools > > So our central IT has decided they want to implement security scanning > of departmental servers. They used to use OpenVAS but now think of using > QualsysGuard Enterprise. Does anyone have any experience with this? They > asked me to beta test, and I would appreciate any input from you guys. > > Thanks, > Stephan > _______________________________________________ > Tech mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ > > > > _______________________________________________ > Tech mailing list > [email protected] > https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ > >
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
