Firewall Wizards mailing list archives
Assessing layers of security
From: "Bill Stout" <bill.stout () aristasoft com>
Date: Thu, 16 Mar 2000 21:58:20 -0800
What is the best way to audit a layered network?

VPN---FW----F.E.----App----DB

The front-end system is vulnerable at the stack and port layer. The shell of the front-end is vulnerable within the shell itself. The application has its own vulnerabilities, and it in turn accesses databases which have vulnerabilities.

Turning to traditional security houses tends to prompt the same response: "Well, let's run a few scan tools against your network...". This belies a complete lack of grasp on shell, application, and database security knowledge.

Turning to large consulting shops is a lengthy, painful process which ends up with some 'kid' that dutifully steps through a checklist process that someone else documented, and typically not someone who has an understanding of the situation.

Turning to application vendor consulting does not generate a feeling of trust, since they tend to be close-to-the-vest about their own vulnerabilities.

Suggestions?

Bill Stout