Re: [fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: B. Scott Harroff (Scott.Harroff@att.net)
Date: 08/22/02
- Next message: Kalat, Andrew (ISS Atlanta): "RE: [fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
- Previous message: B. Scott Harroff: "Re: RE:[fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
- In reply to: Kalat, Andrew (ISS Atlanta): "RE: [fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
- Next in thread: Kalat, Andrew (ISS Atlanta): "RE: [fw-wiz] Vulnerability Scanners ( was: concerning ~el8 / project mayhem )"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "B. Scott Harroff" <Scott.Harroff@att.net>
To: "Kalat, Andrew (ISS Atlanta)" <akalat@iss.net>, "Josh Welch" <jwelch@buffalowildwings.com>, <firewall-wizards@honor.icsalabs.com>
Date: Thu Aug 22 17:04:18 2002
>Sounds great in theory, but I think many companies probably face a staff
>that at best doesn't understand, or at worst is openly hostile to,
>written security and IT policies and practices. If you have a 30 office
>company, it's sometimes impossible to limit what might happen in your
>Corn Field, Iowa office. If a consultant out there decides to throw a
>hub in between the router and the firewall, and figures out some free
>address... Of course, you can limit this with MAC address filtering and
>such, but sometimes we all have resource issues and things are missed or
>put off.
When users bypass technology controls, policies need to take over. "Mr.
Consultant, you're fired for taking deliberate action to bypass security
controls and jeopardizing this corporation."
>Scanning has its place. I think it's vital to do multiple things to
>assure your policies are being followed, from audits to scanning (which
>is really part of a good audit in my mind).
I likewise feel scanners, with constantly updated signatures, run regularly,
can enhance the abilities of a security department. Scanners should not be
viewed as a replacement or a band-aid for missing security processes /
procedures.
>The bottom line is that in any company that has just a hint of IT
>knowledgeable (read: dangerous) staff, you'll have things on your network
>you didn't authorize and don't want. And this is before even considering
>internal issues. Get hit with a Code Red, and suddenly you are very
>concerned about who is running unpatched IIS on your internal networks.
>A scanner is *very helpful* for triaging that.
---------------------------------------------------------
Andrew J. Kalat, | Direct:(404)236-2713
| Main: (404)236-2600
Internet Security Systems, Inc. | E-Mail: akalat@iss.net
6303 Barfield Road | <http://www.iss.net/>
Atlanta, GA 30328 | PGP key available.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards