Security Basics mailing list archives
RE: Why Security testing is required
From: "Steve" <steve () nuclear-monkeys co uk>
Date: Fri, 20 Feb 2004 23:38:02 -0000
> > Hi List,
> >
> > As a non-technical person I want to know why security testing is
> > required when all security systems like Firewall, IDS and content
> > management are in place. This is a very basic question but I want to
> > know answers from different users' point of view like:
> >
> > 1. System Administrator
> > 2. System Manager
> > 3. User
> > 4. CEO of the company
> >
> > Thanks in advance.
> > NKP
>
> Because you can't assume the infallibility of those systems. An employee
> could introduce a hole and not know it, thus leaving your whole system
> vulnerable. IMHO the hardest part of keeping a network secure is
> limiting the human factor.

From the point of view of a lowly system grunt :) I can say it's exactly like Matt said. Pure human error is probably one of the major factors in a lot of system compromises, and an external audit is one of the best ways to spot it.

A firewall is only as good as the rules set up in it, and an IDS is only as good as the signature database it's using. A simple typo could mean that you're not really blocking port 80 but 89 instead, or a checkbox has been checked/unchecked, changing a deny rule into an allow rule.

Anything from your IT guys giving it a quick scan with a free program like nmap, Nessus or LANguard to contracting in a specialist company needs to be done imho. If something bad does happen, being able to say "well the sys admin scanned it and we got a company to test it 2 months ago" holds a lot more water than "we thought we were secure".

Regards
Steve
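
Added example, not part of Steve's message: a small audit that compares a written-down intended policy against the rules actually configured, which is the kind of check that catches the 80-typed-as-89 slip and the deny-turned-allow slip described above. The ruleset, the intended policy, the simplified iptables-style rule syntax and the default-ACCEPT chain policy are all constructed assumptions.

```python
import shlex

# Constructed sample ruleset in iptables-save style (not from the original post).
# It carries the two slips described above: the port-80 block was typed as 89,
# and the rule for 23/tcp ended up as ACCEPT where DROP was intended.
RULES = """\
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 89 -j DROP
-A INPUT -p tcp --dport 23 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
"""

# Intended policy as the administrator would write it down (constructed).
INTENDED = {("tcp", 22): "ACCEPT", ("tcp", 80): "DROP",
            ("tcp", 23): "DROP", ("tcp", 443): "ACCEPT"}

def parse_rules(text):
    """Parse '-A INPUT -p <proto> --dport <port> -j <target>' lines into tuples."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != "INPUT":
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # pair each option with its value
        rules.append((opts["-p"], int(opts["--dport"]), opts["-j"]))
    return rules

def effective_action(rules, proto, port, default="ACCEPT"):
    """First matching rule wins; otherwise the assumed default policy applies."""
    for r_proto, r_port, target in rules:
        if (r_proto, r_port) == (proto, port):
            return target
    return default

def audit(rules, intended, default="ACCEPT"):
    """Return findings where configured behaviour differs from intent."""
    findings = []
    for (proto, port), want in sorted(intended.items()):
        got = effective_action(rules, proto, port, default)
        if got != want:
            findings.append(f"{port}/{proto}: intended {want}, effective {got}")
    # A rule nobody asked for is often the other half of a typo.
    for proto, port, target in rules:
        if (proto, port) not in intended:
            findings.append(f"{port}/{proto}: unexpected rule ({target})")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rules(RULES), INTENDED):
        print(finding)
```

The unexpected rule on 89/tcp next to the unmet intent for 80/tcp is what points a reviewer at the typo rather than at a missing rule.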