Firewall Wizards mailing list archives
Re: concerning ~el8 / project mayhem
From: Dave Piscitello <dave () corecom com>
Date: Thu, 22 Aug 2002 14:50:03 -0400
At 02:22 PM 8/22/2002 -0400, you wrote:
> Indeed. So what you are saying is that the scanners are a crutch that lets you avoid raising your competency.
Not at all, and in fact, quite the opposite. Not certain if you're trying to bait me here, but of course, there's a "let the tool help the lazy avoid improving himself" aspect to scanners, but lazy is as lazy does. I'm not lazy, and I find them useful.
They are tools. People with experience in one OS can get a jumpstart on appreciating and learning the vulnerabilities of others.
The more useful ones not only identify vulnerabilities, but they provide an explanation of the vulnerability. Many offer URLs to online documentation explaining the risk, the nature of the vulnerability, exploits associated with the vulnerability, locations where the vendor has posted the security fix, service pack, whatever. I gather you've not used any of these?
> Perhaps you could compare it to
> - reading books with the term "hack" or "hackers" in the title (search amazon.com for examples...)
Personally, I think these books tell you more about how to be as clever as the kiddies that attack systems than they do about improving security of systems. I prefer the "securing foo" titles. But quality scanners educate you in similar ways to such books, if you take the time to do more than "recommended action: change registry value X to Y".
> - reading the vuln-dev mailing list
This is a good resource and very helpful when a scanner doesn't tell me enough about the vulnerability to help me understand.
> - reading the LINUX source code
Oh, come down from the lofty perch...this is an entirely elitist perspective. The ratio of people who must be engaged in securing systems vs. those capable of evaluating whether source correctly bounds data structures approaches infinity.
> - Following up on the Linux vendor advisories to see what changes they made to the source to overcome the problems mentioned in the advisories.
> - Trying to fix the problems in the advisories yourself then comparing with the published solutions
Begs the issue of having the skill to do this absent some additional guidelines that some scanners do provide in a kinder, gentler step by step manner than "read the F'in advisory and patch the source, or aren't you the manly 'I grok Linux and C' type?"
> - Reading the CVE database
If the CVE entry is referenced in the scanner, is this sufficient?
> - Reading papers by Boehm, Parnas, Hansen and the like (or perhaps "Software Tools") on good technique and comparing it with some published code. (Some of the 'open source' code is exemplary in its grotty-ness)
This is unfortunately a luxury for many daily ops folks. Have you run or worked in a NOC?
I don't drink beer, and besides, it doesn't pay the mortgage.
No, but I am guilty of frequently doing work out of friendship and I have a charitable nature.
David M. Piscitello
Core Competence, Inc. &
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards