Security Basics mailing list archives
RE: Allowing scanning from home
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 28 Oct 2004 12:39:49 -0700
Your security staff should not be the only team that audits your network security, but trying to prohibit them from doing so doesn't sound productive. (I once worked for a company that didn't trust the IT security team to touch the machines of the top-level executives -- which meant, of course, that those became the least secure machines in the whole organization, when they were the most sensitive....) Your intrusion-detection escalation tree should include someone who is empowered to authorize scans as part of audit processes. Employees should obtain authorization from that person before performing such tests, just as outside security consultants would. (Depending on the scope of testing, it may not be useful to advise every part of the chain of an upcoming test, so that the escalation procedure also gets tested. Authorization should routinely be granted, but exceptions may need to be made during periods of crucial business activity. When I've had such authority, I've added the requestor to a list of people I could call on as additional resources in the event of a security emergency. David Gillett
-----Original Message----- From: ericaldrc51 () netscape net [mailto:ericaldrc51 () netscape net] Sent: Thursday, October 28, 2004 11:05 AM To: security-basics () securityfocus com Subject: Allowing scanning from home What's the group's consensus on allowing security staff to scan the company's external interfaces from their home, to get a true external assessment. I personally don't agree with this for audit and other reasons. Just looking for some other professional viewpoints. Thx. __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp
Current thread:
- Allowing scanning from home ericaldrc51 (Oct 28)
- Re: Allowing scanning from home Donald Voss (Oct 28)
- Re: Allowing scanning from home Brandon Foley (Oct 28)
- Re: Allowing scanning from home Adam Jones (Oct 28)
- Re: Allowing scanning from home mike (Oct 28)
- Re: Allowing scanning from home Richard Ellis (Oct 29)
- Re: Allowing scanning from home Dan Tesch (Oct 28)
- RE: Allowing scanning from home David Gillett (Oct 28)
- Re: Allowing scanning from home tony tony (Oct 29)
- Re: Allowing scanning from home Ghaith Nasrawi (Oct 29)
- <Possible follow-ups>
- Re: Allowing scanning from home ericaldrc51 (Oct 28)
- RE: Allowing scanning from home ka55ad (Oct 28)
- Re: Allowing scanning from home Will Thornsbury (Oct 29)