RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: Crispin Harris (crispin@internode.on.net)
Date: 08/21/02
From: "Crispin Harris" <crispin@internode.on.net>
To: "Josh Welch" <jwelch@buffalowildwings.com>, <firewall-wizards@honor.icsalabs.com>
Date: Wed Aug 21 23:02:18 2002
>One could also argue that according to the practice of only
>allowing what is needed and blocking all else, some sort of
>access control should be in place that prevents FTP traffic
>from ever getting to that server. FTP traffic beyond that of
>authorized servers should be denied at the perimeter. An
>audit of your security practices would tell you whether you
>have denied all FTP. A scanner can only tell you that host
>w.x.y.z is running an FTP server and you can access it.
This is a useful piece of information in itself, as it says 2 things directly,
and several more indirectly:
1) FTP is not sufficiently limited.
2) w.x.y.z is running an FTP server.
also:
a) Your ingress filters are not correct
b) Your ingress filters have probably not been reviewed recently (supposition)
c) w.x.y.z is an "interesting system". This is grounds for a closer investigation.
d) w.x.y.z's administrator is not complying with SecPol.
e) system & network documentation is probably not accurate.
f) how did w.x.y.z get onto a controlled network in the first place? (investigation/politics).
This is then an example of the usefulness of {port, network, vulnerability}
scanners. Like any other tool, the use/existence of a particular tool should
not be substituted for intelligence and/or informed investigation.
Kind Regards,
Crispin Harris
Security Engineer
crispin@adelaide.on.net
-- Sent using Internode WebMail http://www.internode.on.net/
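
The reconciliation the message describes, turning a scanner result into policy findings, is sketched below as an added example that is not part of the original post. It assumes nmap grepable (`-oG`) output from a scan run outside the perimeter; the scan lines, inventory and authorization table are constructed, hypothetical data.

```python
import re

# Constructed sample of nmap grepable (-oG) output; addresses are documentation ranges.
SCAN = """\
Host: 192.0.2.10 (ftp1.example.test)\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///
Host: 192.0.2.44 ()\tPorts: 21/open/tcp//ftp///, 80/open/tcp//http///
Host: 192.0.2.77 ()\tPorts: 21/filtered/tcp//ftp///, 25/open/tcp//smtp///
"""

# Assumed (hypothetical) policy data: documented hosts, and hosts authorized per TCP port.
INVENTORY = {"192.0.2.10", "192.0.2.77"}
AUTHORIZED = {21: {"192.0.2.10"}, 22: {"192.0.2.10"}, 25: {"192.0.2.77"}}

HOST_RE = re.compile(r"^Host: (\S+) \(.*?\)\tPorts: (.*)$")


def parse_open_ports(text):
    """Return {ip: sorted open TCP ports} parsed from grepable output."""
    result = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        # Drop any trailing tab-separated fields such as "Ignored State: ...".
        ip, ports_field = m.group(1), m.group(2).split("\t")[0]
        open_ports = []
        for entry in ports_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                open_ports.append(int(fields[0]))
        result[ip] = sorted(open_ports)
    return result


def reconcile(scan, inventory, authorized):
    """Compare what the scanner reached with what policy says should be reachable."""
    findings = []
    for ip, ports in sorted(scan.items()):
        if ports and ip not in inventory:
            findings.append((ip, None, "host not in inventory: documentation is stale"))
        for port in ports:
            if ip not in authorized.get(port, set()):
                findings.append((ip, port, "reachable but not authorized: review filters and host"))
    return findings


if __name__ == "__main__":
    for ip, port, note in reconcile(parse_open_ports(SCAN), INVENTORY, AUTHORIZED):
        print(ip, port if port is not None else "-", note)
```
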