Security Basics mailing list archives
Re: Why Security testing is required
From: Byron Sonne <blsonne () rogers com>
Date: Sat, 21 Feb 2004 12:20:17 -0500
As a non technical person I want to know why security testing is required when all security systems like Firewall, IDS and content management are in place.
Security is a *process*, not a state of being or a product. Testing is required because security is a very imperfect thing and it will change all the time. You need a feedback loop based on hardcore, honest evaluation so that you can adjust for your deficiencies and correct your errors.
It's kind of like going to the doctor for a periodic checkup... sure you might be living well, eating good and doing everything right, but that is absolutely no guarantee that there isn't something horribly wrong with you. Would you trust a bank or investment firm to manage your money without providing to you periodic statements, or the ability to call them up at any point and ask how your money is? ;)
Much like real life, the criminals are always one step ahead of the cops. I would consider myself foolish if I would implicitly trust that the products and services I have purchased (or whipped up myself for that matter!) are really, truly doing their job. Firewalls can be bypassed, IDS fooled and content management skirted. Not that people strive to make bad products, but no one is perfect.
To paraphrase Mikhail Gorbachev "Trust, but Verify".
--
For Good, return Good.
For Evil, return Justice.