Security Basics mailing list archives
RE: Allowing scanning from home
From: "Jeff Gercken" <JeffG () kizan com>
Date: Fri, 29 Oct 2004 12:36:52 -0400
Do your vulnerability assessment from within your network. Then do external port scans to see if any of the vulnerabilities are publicly accessible. Determine your vulnerabilities by scanning against "naked" servers, without any firewall in between. Then, using quick port scans you can determine at which security layers/rings in your network you are exposed. The Internet is obviously the outermost layer. Why is external employee scans even an issue? Why bother making policy over things you can't enforce? Odds are they'll probably do them whether you officially allow it or not. Just be happy that you have employees eager to increase your company's security posture. -Jeff -----Original Message----- From: mike () genxweb net [mailto:mike () genxweb net] Sent: Thursday, October 28, 2004 3:08 PM To: ericaldrc51 () netscape net Cc: security-basics () securityfocus com Subject: Re: Allowing scanning from home I would not think it is a good idea to run from ah ome machine. there is no telling what might be installed on their machine or how secure their network is. I suggest for outside scans to contact a profesional company or purchase a dedicated or co-located server designed for this purpose. Quoting ericaldrc51 () netscape net:
What's the group's consensus on allowing security staff to scan the
company's
external interfaces from their home, to get a true external
assessment. I
personally don't agree with this for audit and other reasons. Just
looking
for some other professional viewpoints. Thx. __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at
http://isp.netscape.com/register
Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp
Current thread:
- RE: Allowing scanning from home Dan Denton (Nov 01)
- <Possible follow-ups>
- Re: Allowing scanning from home Nathaniel Hall (Nov 01)
- RE: Allowing scanning from home Jeff Gercken (Nov 01)
- Re: Allowing scanning from home Dan Tesch (Nov 01)
- Re: Allowing scanning from home xyberpix (Nov 01)
- RE: Allowing scanning from home Jeff Gercken (Nov 01)
- RE: Allowing scanning from home Steven Trewick (Nov 02)