Re: Security Audit

From: H C (keydet89@yahoo.com)
Date: 09/13/01


Message-ID: <20010913004938.80679.qmail@web14606.mail.yahoo.com>
Date: Wed, 12 Sep 2001 17:49:38 -0700 (PDT)
From: H C <keydet89@yahoo.com>
Subject: Re: Security Audit
To: "R. DuFresne" <dufresne@sysinfo.com>, ben.nagy@marconi.com.au, proberts@patriot.net, danielc@compman.co.uk

For the most part, I agree with Ben's comments. For
completeness, a system can be as secure as possible if
a vulnerability assessment of that system is
conducted, and that information is then used to launch
a "full disclosure pen-test" or perhaps more
appropriately, a "verification analysis".

However, like anything else, this is only a snapshot
of the system in time. We then get into the change
control/management process, and where verification
testing fits in such a process.

> But any "analysis" process should include external
> verification - ie that
> the box is doing what you told it to do, right?
>
> This is quite distinct from the traditional pen-test
> in that it isn't blind.
>
> I think that to create the most secure system
> possible, blind pen-testing is
> a waste of time -


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


