Network Security: Detailed info on RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners

Subject:	RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners
Date:	Wed, 28 Apr 2004 16:18:17 -0500

It depends on who you get.  At a previous job I was once asked to provide a
printout of the file permissions of every file on every system.  After
delivering I think it was four cartons of paper for one system, I think he
changed his mind because he didn't ask for the other systems.

But the best ever was from a goverment auditor doing a securities
investigation.  Said auditor wanted all transactions between us and XXX
between such and such dates.  Ok, we said, what format tape do you want it
on?  They insisted on a printout.  So, I think it was 14 cartons of 8.5x11
paper.  A few months later we asked them how they were doing.  They said
that they were having difficulty (AND I KID YOU NOT) OCR'ING IT BACK INTO
ELECTRONIC FORMAT.  Now think about this.  Every transaction is a series of
about 80-120 numbers of accounts, stocks, amounts, etc.  Given an OCR
accuracy of 90% (this was the early 90's), every line that they OCR'ed in
had an error on it.  Not very useful for searching for illegal trading.

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com]On Behalf Of Starford,
Christopher D.
Sent: Wednesday, April 28, 2004 3:55 PM
To: 'Harlan Carvey'
Cc: 'full-disclosure@netsys.com'
Subject: RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security
Scan ners


Harlan,
 
I believe many true IT Security Auditors out there would agree that your
wrong on this one.

-How will I ever pass my IT Security Audits?
 
Don't worry about it...most audits don't seem to have
an IT background, and even when they do, they don't
take the time to understand your business processes or
your network infrastructure.


__________________________________________________
Christopher D. Starford
SAIC Enterprise Security Sulutions

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.         
*****************************************************************************

<Prev in Thread]	Current Thread	[Next in Thread>
RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Starford, Christopher D. RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Ng, Kenneth (US) <= RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Stuart Fox (DSL AK) RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Stuart Fox (DSL AK) RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Ron DuFresne RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Starford, Christopher D.

Previous by Date:	RE: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow., Bryce Porter
Next by Date:	RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Stuart Fox (DSL AK)
Previous by Thread:	RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Starford, Christopher D.
Next by Thread:	RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Stuart Fox (DSL AK)
Indexes:	[Date] [Thread] [Top] [All Lists]