Educause Security Discussion mailing list archives
Re: SANS Post about EDU vulnerability scanning assignment
From: Randy Marchany <marchany () VT EDU>
Date: Thu, 2 Mar 2006 21:28:58 -0500
The only problem with this assignment is the failure to explicit require permission from the target of the scan. I give the same assignment but I EXPLICITLY REQUIRE they produce permission (email, paper form) from the target before they scan the systems. I also give them permission to scan machines in my lab. I also mention they can scan their own machines. Failure to obtain permission means no grade and possible arrest. If the prof makes these conditions explicit, I don't see a problem with the assignment. In fact, if you read what he requires them to include in their report, it's basically what you would get from an IT auditing firm. It's not clear from the original post where the prof required permission ahead of time. It has been my experience to run across profs who forget that critical requirement :-). -Randy
Current thread:
- SANS Post about EDU vulnerability scanning assignment Gary Flynn (Feb 28)
- <Possible follow-ups>
- Re: SANS Post about EDU vulnerability scanning assignment Jeni Li (Feb 28)
- Re: SANS Post about EDU vulnerability scanning assignment charlie derr (Feb 28)
- Re: SANS Post about EDU vulnerability scanning assignment Jeni Li (Feb 28)
- Re: SANS Post about EDU vulnerability scanning assignment Michael Sinatra (Mar 01)
- Re: SANS Post about EDU vulnerability scanning assignment Gary Flynn (Mar 02)
- Re: SANS Post about EDU vulnerability scanning assignment Randy Marchany (Mar 02)
- Re: SANS Post about EDU vulnerability scanning assignment John Bambenek (Mar 02)
- Re: SANS Post about EDU vulnerability scanning assignment Alec Yasinsac (Mar 03)
- Re: SANS Post about EDU vulnerability scanning assignment Randy Marchany (Mar 03)