Firewall Wizards mailing list archives
RE: concerning ~el8 / project mayhem
From: jankowsr () mskcc org
Date: Wed, 21 Aug 2002 12:07:39 -0400
Hiya Paul,
While I am indeed advocating good design, I'm not against validation, I'm against vulnerability scanning- that, I think is our point of difference (or maybe I just didn't articulate it well.) In other words, I'm saying that configuration validation is better than vulnerability testing for almost all classes of electronic attack.
I completely agree that it's impossible to determine the overall security posture of a system by running any vulnerability scanner. In my previous incarnation as a security consultant, I've seen too many people pass off the output from a scanner and say "Here's your main exposures", or worse yet, say "You're secure" when the scanner found nothing! But I do think that vulnerability scanners have a place, in that they give the system administrators and architects the ability to find and remediate a lot of the more common exposures, like the IIS vulnerabilities that seem to be present on anything Microsoft, etc.

I've seen times (not at my current employer, thankfully) where there was a lot of political backlash about not wanting the InfoSec guys to do a hands-on. Running a scanner and presenting the results to management usually demonstrated that there was significant risk in the system to warrant a more formal review.

But overall, I think you're right: scanning by itself is worthless, and could cause more harm than no scanning at all.

--
Richard Jankowski
Senior Security Analyst
Information Security
Memorial Sloan-Kettering Cancer Center
1050 Wall Street West - 5th Floor
Lyndhurst, NJ 07071
Ph: 201-635-5429
Fax: 201-507-1909
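The message above argues for configuration validation over vulnerability scanning. As an added illustration of what that looks like in practice (not code from the list post or from any project it mentions), the following Python checks an sshd_config-style file against a baseline of expected directive values. The baseline directives, the sample configuration and the "first occurrence wins" parsing rule are assumptions chosen for the example; a validator like this tells you whether the host matches its intended design, whereas a scanner only tells you whether a known signature fired.

```python
"""Configuration validation against a baseline (added example, not from the list post)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Assumed baseline: the directive values the design calls for.
# Keys are compared case-insensitively, as sshd does for keywords.
BASELINE: Dict[str, Set[str]] = {
    "PermitRootLogin": {"no"},
    "PasswordAuthentication": {"no"},
    "Protocol": {"2"},
    "X11Forwarding": {"no"},
}

# Constructed sample config for the example; not captured from any real host.
SAMPLE_CONFIG = """\
# sample sshd_config-style text
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication no
# X11Forwarding is deliberately absent
"""


@dataclass(frozen=True)
class Finding:
    """One deviation from the baseline: directive, what was seen, what was allowed."""
    directive: str
    observed: Optional[str]   # None means the directive was not set at all
    expected: Set[str]


def parse_directives(text: str) -> Dict[str, str]:
    """Return {lowercased directive: value}, keeping the FIRST occurrence.

    sshd honours the first value it reads for a keyword, so a later
    duplicate must not be allowed to mask an earlier, weaker setting.
    Comments (#) and blank lines are ignored.
    """
    seen: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.setdefault(key, value)
    return seen


def validate(text: str, baseline: Dict[str, Set[str]] = BASELINE) -> List[Finding]:
    """Compare a config against the baseline; a missing directive is a finding too."""
    observed = parse_directives(text)
    findings: List[Finding] = []
    for directive, allowed in baseline.items():
        value = observed.get(directive.lower())
        allowed_lower = {a.lower() for a in allowed}
        if value is None or value.lower() not in allowed_lower:
            findings.append(Finding(directive, value, allowed))
    return findings


def report(findings: List[Finding]) -> List[str]:
    """Render findings as one human-readable line each."""
    lines = []
    for f in findings:
        seen = "not set" if f.observed is None else repr(f.observed)
        lines.append(f"{f.directive}: {seen}, expected one of {sorted(f.expected)}")
    return lines


if __name__ == "__main__":
    for line in report(validate(SAMPLE_CONFIG)):
        print(line)
```

Run against the sample, the validator flags `PermitRootLogin` (set to `yes`) and `X11Forwarding` (absent), and says nothing about `Port`, which the baseline does not cover. Treating an unset directive as a finding is a deliberate choice: the baseline records what the design requires, so silence on a required setting is itself a deviation.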