Security Basics mailing list archives

Re: Why Security testing is required


From: captgoodnight () acsalaska net
Date: Fri, 20 Feb 2004 16:17:59 -0900

On Thursday 19 February 2004 05:07 pm, Matt Lyon wrote:
Hi List,

As a non technical person I want to know why security testing is required
when all security systems like Firewall, IDS and content management are in
place.

This is a very basic question but I want to know answers from different
users point of view like:-

good ?,


1.      system Administrator (see if they REALLY KNOW WHAT TO DO, did they pass the 
cert tests by remembering answers or by real world experience? Can they 
produce/kill exploits in the wild? Can they think on their feet? Can they 
work as a team instead of a bunch of big headed single individual know 
nothings? Are they as much of a white hat as a black hat can be a black hat? 
Do they know more than M$ speak and spell? Do they understand networking at 
all levels? Basically, test the hell out of them with no prior knowledge to 
see if they're worth the $, if not, bring in some team players that are.) 


2.      system Manager (info gathering from #1, after all, this person made some of 
if not all of the hiring of the admins. A manager's employees are branches of 
himself. How does this person react to his team failing or succeeding?)


3.      User (simple security, admin to end user communication skills, info 
gathering, increase productivity...)


4.      CEO of the company (peace of mind that all info is high end most likely 
secure. That the company works or doesn't work as a unit, apply the trickle 
effect where prescribed.)

To sum up, tons upon tons of info gathering. LEARN LEARN LEARN, it's the same 
as backup procedures, does it really work? Test those policies, configs, 
hardware, apps, network model, user base, admin base- test the whole model. 
Can it be more efficient? yadda yadda yadda, add science to network security, 
and ya can't go wrong. I think;)

only an opinion,
cg

PS- sorry if that's a little rough, I just have a general problem with a few 
admins here and there. Too much textbook and not enough real world knowledge, 
day after day, dollar after dollar, drives me a little batty ;(

Where ravens sleep
No object can stop the driving rain
In wind, the smallest object can be deadly
Face the sun, to not see the shadows
Only the dead have seen the end to war
Linux

