Firewall Wizards mailing list archives
Re: Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: "B. Scott Harroff" <Scott.Harroff () att net>
Date: Thu, 22 Aug 2002 12:41:03 -0400
Sounds great in theory, but I think many companies probably face a staff that at best doesn't understand, or at worst is openly hostile to, written security and IT policies and practices. If you have a 30-office company, it's sometimes impossible to limit what might happen in your Corn Field, Iowa office. If a consultant out there decides to throw a hub in between the router and the firewall, and figures out some free address... Of course, you can limit this with MAC address filtering and such, but sometimes we all have resource issues and things are missed or put off.
When users bypass technology controls, policies need to take over. "Mr. Consultant, you're fired for taking deliberate action to bypass security controls and jeopardizing this corporation."
Scanning has its place. I think it's vital to do multiple things to assure your policies are being followed, from audits to scanning (which is really part of a good audit in my mind).
I likewise feel scanners, with constantly updated signatures, run regularly, can enhance the abilities of a security department. Scanners should not be viewed as a replacement or a band-aid for missing security processes / procedures.
The bottom line is that in any company that has just a hint of IT-knowledgeable (read: dangerous) staff, you'll have things on your network you didn't authorize and don't want. And this is before even considering internal issues. Get hit with a Code Red, and suddenly you are very concerned about who is running unpatched IIS on your internal networks. A scanner is *very helpful* for triaging that.
---------------------------------------------------------
Andrew J. Kalat, | Direct: (404)236-2713 | Main: (404)236-2600
Internet Security Systems, Inc. | E-Mail: akalat () iss net
6303 Barfield Road | <http://www.iss.net/>
Atlanta, GA 30328 | PGP key available.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards