I have kicked off two internal scans. One of the interesting subnets that Andrew sent, and the other scan for the other subnets. These scans are TCP only. I'll kick off a UDP scan of certain subnets that Andrew gave me on Monday.
I have also changed my password to the Nessus server so everyone can login with my account on that box. That way each of you can see the scan results and pull whatever you want.
https://172.16.200.50:8834 u: walton p: nessus
Mark
On Thu, Jan 23, 2014 at 5:31 PM, Dave Nielsen David.Nielsen@uvu.edu wrote:
If we all had the credentials used from the scan we could login to the Nessus system an utilize the different sorting and searching features.
Dave Nielsen (nielseda@uvu.edu)
UVU / OIT Security
On Jan 23, 2014, at 2:04 PM, "Mark Walton" walton@suu.edu wrote:
Andrew,
Yes, I can start the internal scan tomorrow morning.
I would suggest that we break up the internal scans, just so the individual results files are a little easier to work with. Maybe a scan of the interesting subnets, and then dividing up the remaining subnets into 1 or 2 different scans.
Thoughts?
Mark
On Thu, Jan 23, 2014 at 1:22 PM, Andrew Goble goble@dixie.edu wrote:
I've reconfigured the nessus box and it now has an interface on our internal network. The scanner's IP is 144.38.66.25 and you can use addresses in the 144.38.66.24/29 range during the assessment. ( I can get more in the 66 VLAN as needed, may not be contiguous.) This is the building subnet in the Holland building. It does not, by default, have privileged access to all campus networks, but I have full confidence in your abilities to get beyond that, or in Chuck's words, make me cry.
I have not moved the outside interface of the strike package, its still accessible on 205.126.0.222.
Mark, how do you feel about starting the internal scan tomorrow morning?
We've probably got enough lead time that we can start a scan now of the whole internal environment and have it done by the time you all are here Monday. If you aren't confident in that, let me know and I'll provide you a list of the most interesting subnets and we can run a couple scans.
Thanks, Andrew
USHE-assess mailing list USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess
USHE-assess mailing list USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess