RE: Audit Tools

From: SysAdmin (breeze@granis.net)
Date: 08/31/01

• Previous message: Marnix Petrarca: "Re: Audit Tools"
• In reply to: Evan Mann: "RE: Audit Tools"
• Next in thread: Evan Mann: "RE: Audit Tools"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "SysAdmin" <breeze@granis.net>
To: <focus-ms@securityfocus.com>
Subject: RE: Audit Tools
Date: Thu, 30 Aug 2001 15:46:24 -0700
Message-ID: <NFBBLFFCELGGEKMKPPCKOEFCCGAA.breeze@granis.net>

Over alerting is one thing, but giving inaccurate information just confuses
the standard user and generally scares the hell out of them. One thing we
need are users who are confident and knowledgeable about what they do on a
network. That way they can describe the problem in articulate terms and
not be afraid to talk to their netadmin. Not to mention that a
knowledgeable
and confident user is more likely to partake of an online transaction.

And there once was a boy who cried wolf....

>Off the topic here, but...

>I have yet to personally use Retina, but I tend to prefer 'fluff' when it
>comes to security. Example:

>BlackICE Defender as a home based firewall reports 99.5% of the time false
>positives, showing you port probes and pings as "attacks". Most home
>firewall users blast the program for doiung that claiming false sense of
>paranoia on home users. Me personally? I liked it (when I used BlackICE,
>I've since switched to Tiny Personal Firewall). For someone who knows what
>they're doing and has some form of a clue about security, all those false
>positives and fluff are good indicators of what is happening to your system
>and what it's doing to react. Even if you don't need to know it, and it
>takes extra time to sift through, I wouldn't call a product bad or not
>effective just because it wastes a little bit of my time.

>>Retina is full of false positives. Many of the "Security Risks" it
>>identifies, requires sifting through too much fluff to actually get to the
>>items that are pertinent. The reporting is far from "Top Notch".

---

• Previous message: Marnix Petrarca: "Re: Audit Tools"
• In reply to: Evan Mann: "RE: Audit Tools"
• Next in thread: Evan Mann: "RE: Audit Tools"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages [REVS] Bypassing Client Application Protection Techniques ... Get your security news from a reliable source. ... protection programs. ... * Kerio Personal Firewall 4.0 ... And we got actually nothing in the field of client application ... (Securiteam) Re: Recycler security issues on IIS server ... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ... (microsoft.public.inetserver.iis.security) Why hasnt Symantec addressed nastier Messenger spoofs ... Norton / Symantec has been silent on whether Norton Internet Security ... DSL firewall will stop these kinds of pop-ups. ... major ISPs and broadband systems. ... (comp.security.misc) Re:RE : suggestions on a good firewall ... Subject: RE: suggestions on a good firewall ... CheckPoint does! ... with a url-filtering server. ... IT Technical Security Officer ... (Security-Basics) Re: What is the Pattern here ? ... These are all Dialup Connections that I had no connection with at the time. ... It's obviously an enormous security hole, ... > and a real firewall box. ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2001-08