RE: Allowing scanning from home

["Jeff Gercken" <JeffG () kizan com>]

Do your vulnerability assessment from within your network.  Then do
external port scans to see if any of the vulnerabilities are publicly
accessible.

Determine your vulnerabilities by scanning against "naked" servers,
without any firewall in between. Then, using quick port scans you can
determine at which security layers/rings in your network you are
exposed.  The Internet is obviously the outermost layer. 

Why is external employee scans even an issue?  Why bother making policy
over things you can't enforce?  Odds are they'll probably do them
whether you officially allow it or not.  Just be happy that you have
employees eager to increase your company's security posture.

-Jeff

-----Original Message-----
From: mike () genxweb net [mailto:mike () genxweb net] 
Sent: Thursday, October 28, 2004 3:08 PM
To: ericaldrc51 () netscape net
Cc: security-basics () securityfocus com
Subject: Re: Allowing scanning from home

I would not think it is a good idea to run from ah ome machine. there is
no
telling what might be installed on their machine or how secure their
network
is. I suggest for outside scans to contact a profesional company or
purchase a
dedicated or co-located server designed for this purpose.



Quoting ericaldrc51 () netscape net:

> What's the group's consensus on allowing security staff to scan the
company's
> external interfaces from their home, to get a true external
assessment.  I
> personally don't agree with this for audit and other reasons.  Just
looking
> for some other professional viewpoints.  Thx.
>
> __________________________________________________________________
> Switch to Netscape Internet Service.
> As low as $9.95 a month -- Sign up today at
http://isp.netscape.com/register
> Netscape. Just the Net You Need.
>
> New! Netscape Toolbar for Internet Explorer
> Search from anywhere on the Web and block those annoying pop-ups.

 Download now at http://channels.netscape.com/ns/search/install.jsp
>