Re: Allowing scanning from home

["Will Thornsbury" <pro_logos () hotmail com>]

I have to say though that if you're doing penetrations, even testing over an 
ISP's connection then that could be considered illegal. Even if the CIO or 
IT Manager authorized this kind of activity, you still are coming in over an 
ISP connection. I would suggest plugging into the company's external router 
or switch and doing tests that way.

> From: Donald Voss <voss () albany edu>
> To: ericaldrc51 () netscape net
> CC: security-basics () securityfocus com
> Subject: Re: Allowing scanning from home
> Date: Thu, 28 Oct 2004 16:33:22 -0400
>
> Eric,
>
> I'm not the group .. but my $.02.
>
> Policy, policy, policy, as in your company's.
>
> Satisfy that .. or decide one needs to be written and approved.
>
> Then .. a get out of jail card .. written .. by supervisor on up if need be 
> with details - names, tools,  - maybe a time period .. a report, etc.
>
> /don
>
>
> ericaldrc51 () netscape net wrote:
> > What's the group's consensus on allowing security staff to scan the 
> > company's external interfaces from their home, to get a true external 
> > assessment.  I personally don't agree with this for audit and other 
> > reasons.  Just looking for some other professional viewpoints.  Thx.
> >
> > __________________________________________________________________
> > Switch to Netscape Internet Service.
> > As low as $9.95 a month -- Sign up today at 
> > http://isp.netscape.com/register
> >
> > Netscape. Just the Net You Need.
> >
> > New! Netscape Toolbar for Internet Explorer
> > Search from anywhere on the Web and block those annoying pop-ups.
> > Download now at http://channels.netscape.com/ns/search/install.jsp
>
>
> --
>
> ______________________________________________________________
> Donald W. Voss                              voss () albany edu
> Sr.Systems Analyst
> AS218 Geography Department
> The University at Albany
> Albany, NY, USA 12222
>
> 1 kilometer = 112.48593925759280089988751406074 cups of coffee.