Re: Why Security testing is required

From: Fralick, Alan (Alan.Fralick_at_amvescap.com)
Date: 02/24/04

  • Next message: Mark A. Villanova: "RE: Patch manager for IBM AIX"
    To: "'armfield@amnh.org'" <armfield@amnh.org>, "'themattlyon@hotmail.com'" <themattlyon@hotmail.com>, "'security-basics@securityfocus.com'" <security-basics@securityfocus.com>
    Date: Tue, 24 Feb 2004 13:58:25 -0600
    
    

    The point below is valid but the real "Why" is that all the world is
    dynamic.
    #1. Intended and documented network changes are constantly occuringing by
    design as you add PCs, Servers, Users, applications, network connections or
    entire networks.
    #2. Unintended or undocumented network changes occur. This may be do to
    failure to capture/document changes or from unauthorized changes.
    #3 New vulnerablities are discovered which require changes to security,
    which require testing.
    #4. New threats are developed for existing vulnerabilities that may increase
    risks and warrant more security changes.

    Alan Fralick
    --------------------------
    Alan Fralick
    AMVESCAP Retirement
    IT Operations Manager
    (o) 404-879-3572
    (m) 404-409-3100
    alan.fralick@amvescap.com

    -----Original Message-----
    From: Raoul Armfield <armfield@amnh.org>
    To: 'Matt Lyon' <themattlyon@hotmail.com>; security-basics@securityfocus.com
    <security-basics@securityfocus.com>
    Sent: Mon Feb 23 13:31:49 2004
    Subject: RE: Why Security testing is required

    You could compare it to checking all the doors and windows to make sure
    that they are locked before leaving the house or going to bed. Just
    because you have doors, windows and locks you do not assume that your
    house is secure. Same with your network. You periodically need to make
    sure that everything is up to par.

    Raoul

    :-----Original Message-----
    :From: Matt Lyon [mailto:themattlyon@hotmail.com]
    :Sent: Thursday, February 19, 2004 9:07 PM
    :To: security-basics@securityfocus.com
    :Subject: RE: Why Security testing is required
    :
    :
    :
    :
    :>>Hi List,
    :>
    :>As a non technical person I want to know why security testing
    :is required
    :>when all security systems like Firewall, IDS and content
    :management are in
    :>place.
    :>
    :>This is a very basic question but I want to know answers from
    :different
    :>users point of view like:-
    :>
    :>1. system Administrator
    :>2. system Manager
    :>3. User
    :>4. CEO of the company
    :>
    :>Thanks in advance.
    :>
    :>NKP
    :>
    :
    :Because you can't assume the infalibility of those systems. An
    :employee
    :could introduce a hole and not know it thus leaving your whole system
    :vulnerable.
    :
    :IMHO the hardest part of keeping a network secure is limiting
    :the human
    :factor.
    :
    :_________________________________________________________________
    :Take off on a romantic weekend or a family adventure to these
    :great U.S.
    :locations. http://special.msn.com/local/hotdestinations.armx
    :
    :
    :---------------------------------------------------------------
    :------------
    :Free trial: Astaro Security Linux -- firewall with Spam/Virus
    :Protection
    :
    :Protect your network with the comprehensive security solution that
    :integrates six applications for ease of use and lower TCO.
    :
    :Firewall - Virus protection - Spam protection - URL blocking - VPN
    :- Wireless security.
    :
    :Download 30-day evaluation at:
    :http://www.securityfocus.com/sponsor/Astaro_security-basics_040219
    :---------------------------------------------------------------
    :-------------
    :
    :

    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.

    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.

    Download 30-day evaluation at:
    http://www.securityfocus.com/sponsor/Astaro_security-basics_040219
    ----------------------------------------------------------------------------

    -----------------------------------------
    Confidentiality Note: The information contained in this message, and any attachments, may contain confidential and/or privileged material. It is intended solely for the person or entity to which it is addressed. Any review, retransmission, dissemination, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Mark A. Villanova: "RE: Patch manager for IBM AIX"

    Relevant Pages

    • SecurityFocus Microsoft Newsletter #50
      ... Subject: SecurityFocus Microsoft Newsletter #50 ... Specialist in Microsoft's Security Services Partner Program, ... Network Monitoring for Intrusion Detection ... Relevant URL: ...
      (Focus-Microsoft)
    • RE: How to find a changing IP on ethernet network
      ... Port Security is a good Cisco feature for a small LAN but when working ... with large networks with roaming users, I would use Port Authentication ... Identity Based Network Security and uses 802.1x at the client ... firewall with virus/spam protection, URL filtering, ...
      (Security-Basics)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: << SBS News of the week - Sept 26 >>
      ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
      (microsoft.public.backoffice.smallbiz2000)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.windows.server.sbs)