Re: Allowing scanning from home

From: xyberpix (xyberpix_at_xyberpix.com)
Date: 10/30/04

Next message: Javier Blanque: "Re: Defense in Depth"

Previous message: adisegna_at_siscocorp.com: "FW: Traffic Analysis and Bandwidth Testing"
Maybe in reply to: Nathaniel Hall: "Re: Allowing scanning from home"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Donald Voss <voss@albany.edu>
Date: Sat, 30 Oct 2004 22:06:36 +0100

I would say that a thorough inspection of the host network that's going
to be doing the scanning should be done. That's what we do at our place,
in regard to employee's and any itsec contractors that we have in. It
may be an invasion of privacy, but spoofing an IP addy is a very trivial
task, and social engineering can lead to a world of wealth.

Just my 2p's worth.

xyberpix

On Thu, 2004-10-28 at 21:33, Donald Voss wrote:
> Eric,
>
> I'm not the group .. but my $.02.
>
> Policy, policy, policy, as in your company's.
>
> Satisfy that .. or decide one needs to be written and approved.
>
> Then .. a get out of jail card .. written .. by supervisor on up if need
> be with details - names, tools, - maybe a time period .. a report, etc.
>
> /don
>
>
> ericaldrc51@netscape.net wrote:
> > What's the group's consensus on allowing security staff to scan the company's external interfaces from their home, to get a true external assessment. I personally don't agree with this for audit and other reasons. Just looking for some other professional viewpoints. Thx.
> >
> > __________________________________________________________________
> > Switch to Netscape Internet Service.
> > As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register
> >
> > Netscape. Just the Net You Need.
> >
> > New! Netscape Toolbar for Internet Explorer
> > Search from anywhere on the Web and block those annoying pop-ups.
> > Download now at http://channels.netscape.com/ns/search/install.jsp
> >

-- 
For Security and Open Source news:
http://xyberpix.demon.co.uk

application/pgp-signature attachment: This is a digitally signed message part

Next message: Javier Blanque: "Re: Defense in Depth"

Previous message: adisegna_at_siscocorp.com: "FW: Traffic Analysis and Bandwidth Testing"
Maybe in reply to: Nathaniel Hall: "Re: Allowing scanning from home"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Allowing scanning from home
... Policy, policy, policy, as in your company's. ... > Switch to Netscape Internet Service. ... The University at Albany ...
(Security-Basics)
Re: [Info-ingres] Re: UK IUA agenda?
... I think Mike and I kicked SQLJ around a while ago, ... The central assertion is: if your database is a set of assertions of facts about things, best make sure you're talking about the right things. ... Switch to Netscape Internet Service. ...
(comp.databases.ingres)
Re: Time to shut down this list?
... Would you be willing to join Joshua Tinnin in supporting such a change ... newbies getting wrong answers. ... Switch to Netscape Internet Service. ...
(freebsd-newbies)
Re: Allowing scanning from home
... ISP's connection then that could be considered illegal. ... >Policy, policy, policy, as in your company's. ... >>Switch to Netscape Internet Service. ... >The University at Albany ...
(Security-Basics)
Re: [SLE] Control Center acting up
... > whether via the Control Center or the Command Line. ... > kill doesn't want to work, ... > Introducing the New Netscape Internet Service. ...
(SuSE)