Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners

from [Frank Knobbe] Network Security [Permanent Link]
Subject: RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners
Date: Wed, 28 Apr 2004 18:32:39 -0500 
On Wed, 2004-04-28 at 17:04, Harlan Carvey wrote:

Someone should be.  Admins should be to confirm that
their environment is in
the state that they believe it to be.


I guess we'll have to agree to disagree.  In my
experience, the guy who set a system up shouldn't be
the one to inspect it, or verify it.  


and
 

With regards to the rest of your comments, I think
you're missing the point.  I'm not saying that a
security scanner shouldn't be run...I just don't think
that admins should be the ones to run the scanner.




Heya Harlan, long time.

I think you are missing the point. I don't think Stuart is saying that
the admins should also be the auditors. But they should run scanners and
other security tools to verify that they did their job correctly. But
only to the extend to make corrections and such. They should not perform
an "audit" per se.

You still need independent (either outside the company or an audit
department) that runs those tools (and more) themselves during the audit
that will generate a report to management. This is probably what you are
thinking of. 

I don't think we're saying admins should audit themselves. But admins
should run tools to ensure that they did their job ok.

Cheers,
Frank

-- 
Warning at the Gates of Bill:  
Abandon hope, all ye who press <ENTER> here...

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] mozilla firefox 0.8 - linux (probably mozilla too) cut/paste (semi) vulnerability, Michael Williamson
Next by Date:  Re: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow., KF (lists)
Previous by Thread:  RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Harlan Carvey
Next by Thread:  Re: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners, Jeremiah Cornelius
Indexes:  [Date] [Thread] [Top] [All Lists]