Firewall Wizards mailing list archives
RE: Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: "Kalat, Andrew (ISS Atlanta)" <akalat () iss net>
Date: Thu, 22 Aug 2002 10:16:21 -0400
One could also argue that according to the practice of only allowing what is needed and blocking all else, some sort of access control should be in place that prevents FTP traffic from ever getting to that server. FTP traffic beyond that of authorized servers should be denied at the perimeter. An audit of your security practices would tell you whether you have denied all FTP. A scanner can only tell you that host w.x.y.z is running an FTP server and you can access it.
Sounds great in theory, but I think many companies probably face a staff that at best doesn't understand, or at worst is openly hostile to, written security and IT policies and practices. If you have a 30-office company, it's sometimes impossible to limit what might happen in your Corn Field, Iowa office. If a consultant out there decides to throw a hub in between the router and the firewall, and figures out some free address... Of course, you can limit this with MAC address filtering and such, but sometimes we all have resource issues and things are missed or put off.

Scanning has its place. I think it's vital to do multiple things to assure your policies are being followed, from audits to scanning (which is really part of a good audit in my mind). The bottom line is that in any company that has just a hint of IT-knowledgeable (read: dangerous) staff, you'll have things on your network you didn't authorize and don't want. And this is before even considering internal issues. Get hit with a Code Red, and suddenly you are very concerned about who is running unpatched IIS on your internal networks. A scanner is *very helpful* for triaging that.

---------------------------------------------------------
Andrew J. Kalat, | Direct: (404)236-2713 | Main: (404)236-2600
Internet Security Systems, Inc. | E-Mail: akalat () iss net
6303 Barfield Road | <http://www.iss.net/>
Atlanta, GA 30328 | PGP key available.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards