Re: Allowing scanning from home
From: xyberpix (xyberpix_at_xyberpix.com)
To: Donald Voss <email@example.com> Date: Sat, 30 Oct 2004 22:06:36 +0100
I would say that a thorough inspection of the host network that's going
to be doing the scanning should be done. That's what we do at our place,
in regard to employee's and any itsec contractors that we have in. It
may be an invasion of privacy, but spoofing an IP addy is a very trivial
task, and social engineering can lead to a world of wealth.
Just my 2p's worth.
On Thu, 2004-10-28 at 21:33, Donald Voss wrote:
> I'm not the group .. but my $.02.
> Policy, policy, policy, as in your company's.
> Satisfy that .. or decide one needs to be written and approved.
> Then .. a get out of jail card .. written .. by supervisor on up if need
> be with details - names, tools, - maybe a time period .. a report, etc.
> firstname.lastname@example.org wrote:
> > What's the group's consensus on allowing security staff to scan the company's external interfaces from their home, to get a true external assessment. I personally don't agree with this for audit and other reasons. Just looking for some other professional viewpoints. Thx.
> > __________________________________________________________________
> > Switch to Netscape Internet Service.
> > As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register
> > Netscape. Just the Net You Need.
> > New! Netscape Toolbar for Internet Explorer
> > Search from anywhere on the Web and block those annoying pop-ups.
> > Download now at http://channels.netscape.com/ns/search/install.jsp
-- For Security and Open Source news: http://xyberpix.demon.co.uk
- application/pgp-signature attachment: This is a digitally signed message part