Security Basics mailing list archives

RE: Allowing scanning from home

From: "Jeff Gercken" <JeffG () kizan com>
Date: Fri, 29 Oct 2004 14:12:30 -0400

Sooo every private company contracted to perform an external security
evaluation is breaking the law?  I am unaware of any such law in the US.
To which Country(s) are you referring?  

-Jeff

-----Original Message-----
From: Will Thornsbury [mailto:pro_logos () hotmail com] 
Sent: Thursday, October 28, 2004 9:41 PM
To: voss () albany edu; ericaldrc51 () netscape net
Cc: security-basics () securityfocus com
Subject: Re: Allowing scanning from home

I have to say though that if you're doing penetrations, even testing
over an 
ISP's connection then that could be considered illegal. Even if the CIO
or 
IT Manager authorized this kind of activity, you still are coming in
over an 
ISP connection. I would suggest plugging into the company's external
router 
or switch and doing tests that way.

From: Donald Voss <voss () albany edu>
To: ericaldrc51 () netscape net
CC: security-basics () securityfocus com
Subject: Re: Allowing scanning from home
Date: Thu, 28 Oct 2004 16:33:22 -0400

Eric,

I'm not the group .. but my $.02.

Policy, policy, policy, as in your company's.

Satisfy that .. or decide one needs to be written and approved.

Then .. a get out of jail card .. written .. by supervisor on up if

need be

with details - names, tools,  - maybe a time period .. a report, etc.

/don


ericaldrc51 () netscape net wrote:

What's the group's consensus on allowing security staff to scan the 
company's external interfaces from their home, to get a true external 
assessment.  I personally don't agree with this for audit and other 
reasons.  Just looking for some other professional viewpoints.  Thx.

__________________________________________________________________
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at 
http://isp.netscape.com/register

Netscape. Just the Net You Need.

New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp



--

______________________________________________________________
Donald W. Voss                              voss () albany edu
Sr.Systems Analyst
AS218 Geography Department
The University at Albany
Albany, NY, USA 12222

1 kilometer = 112.48593925759280089988751406074 cups of coffee.

Current thread:

RE: Allowing scanning from home Dan Denton (Nov 01)
- <Possible follow-ups>
- Re: Allowing scanning from home Nathaniel Hall (Nov 01)
- RE: Allowing scanning from home Jeff Gercken (Nov 01)
- Re: Allowing scanning from home Dan Tesch (Nov 01)
- Re: Allowing scanning from home xyberpix (Nov 01)
- RE: Allowing scanning from home Jeff Gercken (Nov 01)
- RE: Allowing scanning from home Steven Trewick (Nov 02)