Educause Security Discussion mailing list archives
Re: SANS Post about EDU vulnerability scanning assignment
From: Alec Yasinsac <yasinsac () CS FSU EDU>
Date: Fri, 3 Mar 2006 06:29:22 -0500
It seems to me it is the instructor's responsibility to provide the resource for student assignments. On the one hand, it would be nice to confine scanning assignments to controlled labs. On the other hand, if it is essential >>to meet the learning objective<< to have a more heterogenous network than is available within the instructor/department's sphere of control, seems to me the instructor should attain permission for a well defined target domain or set of domains. To leave that up to students seems like an unnecessary risk to the instructor/department/school and a bit of a disservice to the student. Just my 2 cents, alec On Thu, 2 Mar 2006, Randy Marchany wrote:
The only problem with this assignment is the failure to explicit require permission from the target of the scan. I give the same assignment but I EXPLICITLY REQUIRE they produce permission (email, paper form) from the target before they scan the systems. I also give them permission to scan machines in my lab. I also mention they can scan their own machines. Failure to obtain permission means no grade and possible arrest. If the prof makes these conditions explicit, I don't see a problem with the assignment. In fact, if you read what he requires them to include in their report, it's basically what you would get from an IT auditing firm. It's not clear from the original post where the prof required permission ahead of time. It has been my experience to run across profs who forget that critical requirement :-). -Randy
Current thread:
- SANS Post about EDU vulnerability scanning assignment Gary Flynn (Feb 28)
- <Possible follow-ups>
- Re: SANS Post about EDU vulnerability scanning assignment Jeni Li (Feb 28)
- Re: SANS Post about EDU vulnerability scanning assignment charlie derr (Feb 28)
- Re: SANS Post about EDU vulnerability scanning assignment Jeni Li (Feb 28)
- Re: SANS Post about EDU vulnerability scanning assignment Michael Sinatra (Mar 01)
- Re: SANS Post about EDU vulnerability scanning assignment Gary Flynn (Mar 02)
- Re: SANS Post about EDU vulnerability scanning assignment Randy Marchany (Mar 02)
- Re: SANS Post about EDU vulnerability scanning assignment John Bambenek (Mar 02)
- Re: SANS Post about EDU vulnerability scanning assignment Alec Yasinsac (Mar 03)
- Re: SANS Post about EDU vulnerability scanning assignment Randy Marchany (Mar 03)