Firewall Wizards mailing list archives

RE: Penetration testing via shrinkware

From: Gary Crumrine <gcrum () us-state gov>
Date: Thu, 3 Sep 1998 14:02:05 -0400

Interesting points of view.  And I agree with every comment mad so 
far by Bennett and others.  But one thing strikes me sort of funny, 
is that many respected, well known people with reputations in the 
industry tend to have a different perspective on this issue, than the 
poor business owner or some division head who has just been handed 
the new "Project".

You have to remember that there is a critical shortage of truly 
knowledgeable individuals available to help them along.  In these 
cases, and if research statistics on the future is any indication, 
then I think that this sort of product is indeed a handy little tool, 
and will reap a lot of $ for somebody.

I think there are a lot more people out there that don't have a clue 
than the good guys.  Which makes for a very nice market to sell your 
whares if you make one of these products.  If nothing more than 
produce those nice tree killing reports that the client's management 
likes to see.

More importantly, is how dangerous they may become when they get a 
little bit of smarts under their belts and bra straps.
-----Original Message-----
From:   Bennett Todd [SMTP:bet () mordor net]
Sent:   Thursday, September 03, 1998 10:35 AM
To:     Stout, Bill; Firewall-wizards
Subject:        Re: Penetration testing via shrinkware

Automated software scanners are useful tools for scanning many 
machines.

If all you're interested in is a single machine, you can look at it 
by hand
quicker than you can configure an automated scanner, and do a more 
thorough
job.

But if you want to check up on hundreds or thousands of hosts, an 
automated
scanner is a must. An automated scanner is therefore good for raising 
the
overall security of all the machines on a large network, up above 
some low
baseline threshhold. If you get the very best security scanner, that 
baseline
may even be slightly above the level hit by automated burglarly tools
currently in circulation --- though I wouldn't want to bet on it.

-Bennett

Current thread:

Penetration testing via shrinkware Stout, Bill (Sep 03)
- Re: Penetration testing via shrinkware Bennett Todd (Sep 03)
- Re: Penetration testing via shrinkware Sheila //or// Bob (depends on who's writing) (Sep 06)
- Re: Penetration testing via shrinkware Stephen P. Berry (Sep 06)
- <Possible follow-ups>
- Re: Penetration testing via shrinkware Marcus J. Ranum (Sep 03)
  - Re: Penetration testing via shrinkware emaiwald (Sep 03)
- Re: Penetration testing via shrinkware Dominique Brezinski (Sep 03)
- Re: Penetration testing via shrinkware Ryan Russell (Sep 03)
- RE: Penetration testing via shrinkware Gary Crumrine (Sep 03)
  - RE: Penetration testing via shrinkware Christopher Nicholls (Sep 07)
    - Re: Penetration testing via shrinkware tqbf (Sep 17)
    - Re: Penetration testing via shrinkware Crispin Cowan (Sep 18)
    - Re: Penetration testing via shrinkware Ted Doty (Sep 19)
    - Re: Penetration testing via shrinkware tqbf (Sep 19)
    - Re: Penetration testing via shrinkware Dave Whitlow (Sep 19)
    - Re: Penetration testing via shrinkware Christopher Nicholls (Sep 19)
    - Re: Penetration testing via shrinkware Adam Shostack (Sep 20)
    - Re: Penetration testing via shrinkware Ivan Arce,CORE SDI (Sep 23)
    - Re: Penetration testing via shrinkware tqbf (Sep 21)

(Thread continues...)