Full Disclosure mailing list archives
RE: Top 15 Reasons Why Admins Use Security Scanners
From: "Stuart Fox (DSL AK)" <StuartF () datacom co nz>
Date: Thu, 29 Apr 2004 09:33:29 +1200
I think you're oversimplifying things a little. Comments inline.
But there's also another way to look at the original comment...security is a process. Running a vulnerability scanner isn't a process...it's a point-in-time check, a snapshot.
But running a security scanner could well be part of that process. Part of the security management process is assessing what you have and why it's like it is. A security scan could well indicate areas where your process and policies could be improved. Sure, a vulnerability scanner is a point in time check, but it's one way to help you identify what your current state is. If you don't know that your process is faulty, you don't stand a chance.

A good IT security auditor won't focus on the fact that certain systems have vulnerabilities...he or she will focus on *why* they have the vulnerabilities.
That's a really good point, and does need to be considered. However, if the auditor doesn't know that there *are* vulnerabilities, how will they know to look for the *why*?