Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners

from [Harlan Carvey] Network Security [Permanent Link]
Subject: RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners
Date: Wed, 28 Apr 2004 15:04:26 -0700 (PDT) 
 

Question: Should admins be using security

scanners?

Someone should be.  Admins should be to confirm that
their environment is in
the state that they believe it to be.


I guess we'll have to agree to disagree.  In my
experience, the guy who set a system up shouldn't be
the one to inspect it, or verify it.  

Also, I'm sort of thinking that if someone doesn't
know how to set up and maintain a system, what good is
it for that same person to run a scanner on it?
 

Again, have new types of vulnerabilities been
discovered, are there new best
practices.  The reason Code Red hit so hard was
because people didn't know
about removing script mappings - it wasn't a common
best practice.  It
became one pretty quickly after Code Red.


Actually, the best practice of removing unnecessary
functionality has long been in place, well before Code
Red reared it's head.  The same is true with the best
practice of removing unnecessary script
mappings...this was documented by Microsoft and
available for free from their site well before Code
Red came out.
 
With regards to the rest of your comments, I think
you're missing the point.  I'm not saying that a
security scanner shouldn't be run...I just don't think
that admins should be the ones to run the scanner.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: AW: [Full-Disclosure] no more public exploits, Ng, Kenneth (US)
Next by Date:  RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Stuart Fox (DSL AK)
Previous by Thread:  RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Stuart Fox (DSL AK)
Next by Thread:  RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Frank Knobbe
Indexes:  [Date] [Thread] [Top] [All Lists]