Firewall Wizards mailing list archives
RE: Penetration testing via shrinkware
From: Gary Crumrine <gcrum () us-state gov>
Date: Thu, 3 Sep 1998 14:02:05 -0400
Interesting points of view. And I agree with every comment mad so far by Bennett and others. But one thing strikes me sort of funny, is that many respected, well known people with reputations in the industry tend to have a different perspective on this issue, than the poor business owner or some division head who has just been handed the new "Project". You have to remember that there is a critical shortage of truly knowledgeable individuals available to help them along. In these cases, and if research statistics on the future is any indication, then I think that this sort of product is indeed a handy little tool, and will reap a lot of $ for somebody. I think there are a lot more people out there that don't have a clue than the good guys. Which makes for a very nice market to sell your whares if you make one of these products. If nothing more than produce those nice tree killing reports that the client's management likes to see. More importantly, is how dangerous they may become when they get a little bit of smarts under their belts and bra straps. -----Original Message----- From: Bennett Todd [SMTP:bet () mordor net] Sent: Thursday, September 03, 1998 10:35 AM To: Stout, Bill; Firewall-wizards Subject: Re: Penetration testing via shrinkware Automated software scanners are useful tools for scanning many machines. If all you're interested in is a single machine, you can look at it by hand quicker than you can configure an automated scanner, and do a more thorough job. But if you want to check up on hundreds or thousands of hosts, an automated scanner is a must. An automated scanner is therefore good for raising the overall security of all the machines on a large network, up above some low baseline threshhold. If you get the very best security scanner, that baseline may even be slightly above the level hit by automated burglarly tools currently in circulation --- though I wouldn't want to bet on it. -Bennett
Current thread:
- Penetration testing via shrinkware Stout, Bill (Sep 03)
- Re: Penetration testing via shrinkware Bennett Todd (Sep 03)
- Re: Penetration testing via shrinkware Sheila //or// Bob (depends on who's writing) (Sep 06)
- Re: Penetration testing via shrinkware Stephen P. Berry (Sep 06)
- <Possible follow-ups>
- Re: Penetration testing via shrinkware Marcus J. Ranum (Sep 03)
- Re: Penetration testing via shrinkware emaiwald (Sep 03)
- Re: Penetration testing via shrinkware Dominique Brezinski (Sep 03)
- Re: Penetration testing via shrinkware Ryan Russell (Sep 03)
- RE: Penetration testing via shrinkware Gary Crumrine (Sep 03)
- RE: Penetration testing via shrinkware Christopher Nicholls (Sep 07)
- Re: Penetration testing via shrinkware tqbf (Sep 17)
- Re: Penetration testing via shrinkware Crispin Cowan (Sep 18)
- Re: Penetration testing via shrinkware Ted Doty (Sep 19)
- Re: Penetration testing via shrinkware tqbf (Sep 19)
- Re: Penetration testing via shrinkware Dave Whitlow (Sep 19)
- Re: Penetration testing via shrinkware Christopher Nicholls (Sep 19)
- Re: Penetration testing via shrinkware Adam Shostack (Sep 20)
- Re: Penetration testing via shrinkware Ivan Arce,CORE SDI (Sep 23)
- Re: Penetration testing via shrinkware tqbf (Sep 21)
- RE: Penetration testing via shrinkware Christopher Nicholls (Sep 07)