Full Disclosure mailing list archives
RE: Top 15 Reasons Why Admins Use Security Scan ners
From: "Ng, Kenneth (US)" <kenng () kpmg com>
Date: Wed, 28 Apr 2004 16:18:17 -0500
It depends on who you get. At a previous job I was once asked to provide a printout of the file permissions of every file on every system. After delivering I think it was four cartons of paper for one system, I think he changed his mind because he didn't ask for the other systems. But the best ever was from a goverment auditor doing a securities investigation. Said auditor wanted all transactions between us and XXX between such and such dates. Ok, we said, what format tape do you want it on? They insisted on a printout. So, I think it was 14 cartons of 8.5x11 paper. A few months later we asked them how they were doing. They said that they were having difficulty (AND I KID YOU NOT) OCR'ING IT BACK INTO ELECTRONIC FORMAT. Now think about this. Every transaction is a series of about 80-120 numbers of accounts, stocks, amounts, etc. Given an OCR accuracy of 90% (this was the early 90's), every line that they OCR'ed in had an error on it. Not very useful for searching for illegal trading. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Starford, Christopher D. Sent: Wednesday, April 28, 2004 3:55 PM To: 'Harlan Carvey' Cc: 'full-disclosure () netsys com' Subject: RE: [Full-disclosure] Top 15 Reasons Why Admins Use Security Scan ners Harlan, I believe many true IT Security Auditors out there would agree that your wrong on this one.
-How will I ever pass my IT Security Audits? Don't worry about it...most audits don't seem to have an IT background, and even when they do, they don't take the time to understand your business processes or your network infrastructure.
__________________________________________________ Christopher D. Starford SAIC Enterprise Security Sulutions _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ***************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. ***************************************************************************** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Top 15 Reasons Why Admins Use Security Scan ners Starford, Christopher D. (Apr 28)
- <Possible follow-ups>
- RE: Top 15 Reasons Why Admins Use Security Scan ners Ng, Kenneth (US) (Apr 28)
- RE: Top 15 Reasons Why Admins Use Security Scan ners Stuart Fox (DSL AK) (Apr 28)
- RE: Top 15 Reasons Why Admins Use Security Scan ners Stuart Fox (DSL AK) (Apr 28)
- RE: Top 15 Reasons Why Admins Use Security Scan ners Ron DuFresne (Apr 30)
- RE: Top 15 Reasons Why Admins Use Security Scan ners Starford, Christopher D. (Apr 30)