RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners

From: Frank Knobbe (frank_at_knobbe.us)
Date: 04/29/04

  • Next message: KF (lists): "Re: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow." 
    To: Harlan Carvey <keydet89@yahoo.com>
Date: Wed, 28 Apr 2004 18:32:39 -0500

    On Wed, 2004-04-28 at 17:04, Harlan Carvey wrote:
    > > Someone should be. Admins should be to confirm that
    > > their environment is in
    > > the state that they believe it to be.
    >
    > I guess we'll have to agree to disagree. In my
    > experience, the guy who set a system up shouldn't be
    > the one to inspect it, or verify it.

    and
     
    > With regards to the rest of your comments, I think
    > you're missing the point. I'm not saying that a
    > security scanner shouldn't be run...I just don't think
    > that admins should be the ones to run the scanner.

    Heya Harlan, long time.

    I think you are missing the point. I don't think Stuart is saying that
    the admins should also be the auditors. But they should run scanners and
    other security tools to verify that they did their job correctly. But
    only to the extend to make corrections and such. They should not perform
    an "audit" per se.

    You still need independent (either outside the company or an audit
    department) that runs those tools (and more) themselves during the audit
    that will generate a report to management. This is probably what you are
    thinking of.

    I don't think we're saying admins should audit themselves. But admins
    should run tools to ensure that they did their job ok.

    Cheers,
    Frank 

    -- 
Warning at the Gates of Bill:  
Abandon hope, all ye who press <ENTER> here...

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: KF (lists): "Re: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow."

    Relevant Pages

    • Re: Audit
      ... First question to ask is "Audit what?". ... Files access can be audited based on any ... group, including Admins. ...
      (microsoft.public.win2000.active_directory)
    • Auditing mailbox access
      ... opens another user's mailbox? ... We need to audit our Domain ... Admins and make sure no one is reading mail when they ...
      (microsoft.public.exchange.admin)
    • Re: Audit Mailbox permission changes - Exchange 2007
      ... for auditing when an admin grants mailbox access to another users ... Yes I trust our admins, I am one of the admins that I want to be able ... is being used as it should, and without a good way to show an audit ...
      (microsoft.public.exchange.admin)
    • Re: Log access or prevent access to private/confidential information.
      ... You can audit the file but again you have to remember to look or get your ... You can't give ownership but can give permissions - so even if an admin ... Admins can grant ownership - at least they can on a Windows ... Prev by Date: ...
      (microsoft.public.windowsxp.help_and_support)
    • RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners
      ... Admins should be to confirm that their ... Well in some environments that's not an option. ... might not get anything from running a scanner. ... the best practice of removing unnecessary ...
      (Full-Disclosure)