Firewall Wizards mailing list archives
RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: "Crispin Harris" <crispin () internode on net>
Date: Thu, 22 Aug 2002 12:27:39 +0930
> One could also argue that according to the practice of only allowing what is needed and blocking all else, some sort of access control should be in place that prevents FTP traffic from ever getting to that server. FTP traffic beyond that of authorized servers should be denied at the perimeter. An audit of your security practices would tell you whether you have denied all FTP. A scanner can only tell you that host w.x.y.z is running an FTP server and you can access it.
This is a useful piece of information in itself, as it says 2 things directly, and several more indirectly:

1) FTP is not sufficiently limited.
2) w.x.y.z is running an FTP server.

also:

a) Your ingress filters are not correct
b) Your ingress filters have probably not been reviewed recently (supposition)
c) w.x.y.z is an "interesting system". This is grounds for a closer investigation.
d) w.x.y.z's administrator is not complying with SecPol.
e) system & network documentation is probably not accurate.
f) how did w.x.y.z get onto a controlled network in the first place? (investigation/politics).

This is then an example of the usefulness of {port, network, vulnerability} scanners. Like any other tool, the use/existence of a particular tool should not be substituted for intelligence and/or informed investigation.

Kind Regards,
Crispin Harris
Security Engineer
crispin () adelaide on net

--
Sent using Internode WebMail http://www.internode.on.net/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
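The reply's point is that one raw scanner fact ("host w.x.y.z accepts FTP") only becomes useful once it is compared against what the perimeter policy and the inventory say should be there. The following script is an added example, not code from the original post or from the list: it reconciles constructed scan output against a constructed per-service allow-list and host inventory and emits the direct and indirect findings the reply enumerates. It generalizes from FTP to any service the scanner reports; the policy layout, host addresses and finding codes are assumptions made for illustration.

```python
"""Reconcile port-scan output against perimeter policy and inventory.

Added example (not from the original mailing-list post). All hosts,
policy entries and scan lines below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    host: str
    code: str
    detail: str


# Constructed policy: for each service, the set of hosts authorized to run it
# and therefore the only hosts the perimeter should pass that service to.
POLICY = {
    "ftp": {"192.0.2.10"},
    "http": {"192.0.2.20"},
}

# Constructed system/network documentation: address -> documented role.
DOCUMENTED_HOSTS = {
    "192.0.2.10": "ftp-public",
    "192.0.2.20": "www",
}

# Constructed scanner output as (host, port, service) tuples.
SCAN_RESULTS = [
    ("192.0.2.10", 21, "ftp"),
    ("192.0.2.20", 80, "http"),
    ("192.0.2.33", 21, "ftp"),   # the "w.x.y.z" case from the post
]


def reconcile(scan_results, policy, inventory):
    """Turn each reachable service into the findings the post derives.

    The direct finding is always recorded; the indirect ones only apply when
    the host is not authorized for the service (policy and filter gap) or is
    missing from documentation (inventory gap).
    """
    findings = []
    for host, port, service in scan_results:
        # Direct fact the scanner gives you: the service is reachable.
        findings.append(Finding(host, "SERVICE_EXPOSED",
                                f"{host} accepts {service} on port {port}"))
        allowed_hosts = policy.get(service, set())
        if host in allowed_hosts:
            continue
        # Indirect conclusions: the perimeter should have blocked this, and
        # whoever runs the host is outside policy.
        findings.append(Finding(host, "INGRESS_FILTER_GAP",
                                f"perimeter passes {service} to a host not "
                                f"authorized for it; filters need review"))
        findings.append(Finding(host, "SECPOL_VIOLATION",
                                f"{service} running on {host} contrary to policy"))
        if host not in inventory:
            findings.append(Finding(host, "UNDOCUMENTED_HOST",
                                    f"{host} is absent from system/network "
                                    f"documentation; investigate how it got here"))
    return findings


def finding_codes(findings, host):
    """Sorted, de-duplicated finding codes for one host."""
    return sorted({f.code for f in findings if f.host == host})


if __name__ == "__main__":
    for f in reconcile(SCAN_RESULTS, POLICY, DOCUMENTED_HOSTS):
        print(f"{f.host:12} {f.code:20} {f.detail}")
```

Run as-is it prints one line per finding; the authorized FTP server yields only the direct "exposed" fact, while the undocumented host yields all four. The design choice worth noting is that the script never decides anything from the scanner line alone: every indirect finding is the result of a lookup against policy or inventory, which is the "informed investigation" the post asks for rather than a substitute for it.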
Current thread:
- RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Crispin Harris (Aug 21)
- RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) R. DuFresne (Aug 22)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 22)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Adam Shostack (Aug 23)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 23)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Dave Piscitello (Aug 25)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Paul D. Robertson (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) Paul Robertson (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) R. DuFresne (Aug 26)
- Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) B. Scott Harroff (Aug 22)
- RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem ) R. DuFresne (Aug 22)