Re: Scanning--more then one side to the argument

From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 03/31/05

  • Next message: Mike B: "Sentinel IPS"
    Date: Thu, 31 Mar 2005 13:57:33 +0100
    To: Sherman Hand <shand@adelphia.net>
    
    
    

    Sherman Hand wrote:
    >
    > There has been a on going discussion about the scanning results on our customers.
    >
    > Thought one says that "any" port on a standard nmap, showing as "open" is a security risk.
    >
    > Thought two says, no since some things need to show in a state of open.
    >
    > Should we be stating that through proactive scan, when we find any port
    > showing as open, that it is a security issue waiting to happen?
    >
    > Or only if we can show a issue?
    >
    > Thoughts?
    >
    > Shand

    Anything being "open" is a *potential* security issue. If you have a
    service running there is the *potential* for it to have bugs. This is
    contrasted with *actual* security issues where the port is open and the
    listening service has a vulnerability.
    Example:
    If I run a public web server I would open a port, this has the
    *potential* for security issues to occur, but as long as the service
    isn't vulnerable there is no *actual* security issue.

    Opening up running services does increase avenues of attack, increases
    risk and is why we only run services that are necessary.

    Is it a security issue waiting to happen? Yes absolutely, it can and
    most likely will become a security issue.

    This however is defining "security issue" as a definite attack vector.
    You could also define "security issue" as "something we need to consider
    in our security policy".

    What exactly is the significance of the question? and in what context do
    you have "security issue"

    -- 
    With Regards..
    Barrie Dempster (zeedo) - Fortiter et Strenue
    blog: http://zeedo.blogspot.com
    site: http://www.bsrf.org.uk
    CA: www.cacert.org
    "He who hingeth aboot, getteth hee-haw" - Victor (Still Game)
    
    



  • Next message: Mike B: "Sentinel IPS"

    Relevant Pages