Security Basics mailing list archives
Re: Why Security testing is required
From: captgoodnight () acsalaska net
Date: Fri, 20 Feb 2004 16:17:59 -0900
On Thursday 19 February 2004 05:07 pm, Matt Lyon wrote:
Hi List,As a non technical person I want to know why security testing is required when all security systems like Firewall, IDS and content management are in place. This is a very basic question but I want to know answers from different users point of view like:-
good ?, 1. system Administrator (see if they REALLY KNOW WHAT TO DO, did they pass the cert tests by remembering answers or by real world experience? Can they produce/kill exploits in the wild? Can they think on their feet? Can they work as a team instead of a bunch of big headed single individual know nothings? Are they as much of a white hat as a black hat can be a black hat? Do they know more than M$ speak and spell? Do they understand networking at all levels? Basically, test the hell out of them with no prior knowledge to see if they're worth the $, if not, bring in some team players that are.) 2. system Manager (info gathering from #1, after all, this person made some of if not all of the hiring of the admins. A manager's employees are branches of himself. How does this person react to his team failing or succeeding?) 3. User (simple security, admin to end user communication skills, info gathering, incease productivity...) 4. CEO of the company (piece of mind that all info is high end most likely secure. That the company works or doesn't work as a unit, apply the trickle effect where prescribed.) To sum up, tons upon tons of info gathering. LEARN LEARN LEARN, it's the same as backup procedures, does it really work? Test those polices, configs, hardware, apps, network model, user base, admin base- test the whole model. Can it be more efficient? yadda yadda yadda, add science to network security, and ya can't go wrong. I think;) only an opinion, cg PS- sorry if that's a little rough, I just have a general problem with a few admins here and there. To much text book and not enough real world knowledge, day after day, dollar after dollar, drives me a little batty ;( Where ravens sleep No object can stop the driving rain In wind, the smallest object can be deadly Face the sun, to not see the shadows Only the dead have seen the end to war Linux --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.securityfocus.com/sponsor/Astaro_security-basics_040219 ----------------------------------------------------------------------------
Current thread:
- RE: Why Security testing is required Matt Lyon (Feb 20)
- Re: Why Security testing is required Meritt James (Feb 24)
- Re: Why Security testing is required Rishi Pande (Feb 24)
- Re: Why Security testing is required steve (Feb 24)
- most that can happan (was Re: Why Security testing is required Meritt James (Feb 25)
- RE: Why Security testing is required David Gillett (Feb 24)
- Re: Why Security testing is required Byron Sonne (Feb 24)
- Re: Why Security testing is required captgoodnight (Feb 24)
- RE: Why Security testing is required Navaneetharangan (Feb 26)
- Re: Why Security testing is required Meritt James (Feb 26)
- RE: Why Security testing is required Navaneetharangan (Feb 26)
- RE: Why Security testing is required Raoul Armfield (Feb 24)
- RE: Why Security testing is required Steve (Feb 24)
- <Possible follow-ups>
- Re: Why Security testing is required Fralick, Alan (Feb 25)
- RE: Why Security testing is required Ryan Cornelsen (Feb 27)