Firewall Wizards mailing list archives

RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem )


From: "Crispin Harris" <crispin () internode on net>
Date: Thu, 22 Aug 2002 12:27:39 +0930

One could also argue that according to the practice of only 
allowing what is needed and blocking all else, some sort of 
access control should be in place that prevents FTP traffic 
from ever getting to that server. FTP traffic beyond that of 
authorized servers should be denied at the perimeter. An
audit of your security practices would tell you whether you 
have denied all FTP. A scanner can only tell you that host 
w.x.y.z is running an FTP server and you can access it.

This is a useful piece of information in itself, as it says 2 things directly,
and several more indirectly:
1) FTP is not sufficiently limited.
2) w.x.y.z is running an FTP server.
Also:
a) Your ingress filters are not correct.
b) Your ingress filters have probably not been reviewed recently (supposition).
c) w.x.y.z is an "interesting system". This is grounds for a closer investigation.
d) w.x.y.z's administrator is not complying with SecPol.
e) System & network documentation is probably not accurate.
f) How did w.x.y.z get onto a controlled network in the first place? (investigation/politics).


This is then an example of the usefulness of {port, network, vulnerability}
scanners. Like any other tool, the use/existence of a particular tool should
not be substituted for intelligence and/or informed investigation.

Kind Regards,
    Crispin Harris
    Security Engineer
    crispin () adelaide on net
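
Added example (not part of the original post): one way to turn the reasoning above into a repeatable check is to compare scanner output against the services the policy authorizes and flag everything else for follow-up. The allowlist, the addresses, and the sample scan lines (written in the style of nmap's grepable output) are constructed for illustration.

```python
import re

# Hypothetical policy: TCP ports each documented host may expose to the
# network the scan was run from. Anything else should have been blocked.
AUTHORIZED = {
    "192.0.2.10": {21},   # the sanctioned FTP server
    "192.0.2.20": {25},   # mail relay
}

# Constructed sample in the style of nmap grepable (-oG) output.
SCAN = (
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 22/filtered/tcp//ssh///\n"
    "Host: 192.0.2.20 ()\tPorts: 25/open/tcp//smtp///, 21/open/tcp//ftp///\n"
    "Host: 192.0.2.77 ()\tPorts: 21/open/tcp//ftp///, 80/closed/tcp//http///\n"
)

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")

def open_ports(scan_text):
    """Yield (host, port, service) for every TCP port reported open."""
    for line in scan_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        host, ports = m.groups()
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open" and fields[2] == "tcp":
                yield host, int(fields[0]), fields[4] or "unknown"

def audit(scan_text, authorized):
    """Return one finding per reachable service the policy does not allow."""
    findings = []
    for host, port, service in open_ports(scan_text):
        if port in authorized.get(host, set()):
            continue
        follow_up = ["review ingress filter", "check host against SecPol"]
        if host not in authorized:
            # Undocumented host: the inventory is suspect, not just the filter.
            follow_up.append("host not in inventory")
        findings.append({"host": host, "port": port,
                         "service": service, "follow_up": follow_up})
    return findings

if __name__ == "__main__":
    for finding in audit(SCAN, AUTHORIZED):
        print(finding)
```

The script only reports where scan results and policy disagree; deciding why they disagree is still the investigation the post describes.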
