Firewall Wizards mailing list archives
Re: concerning ~el8 / project mayhem
From: Anton Chuvakin <anton () chuvakin org>
Date: Wed, 21 Aug 2002 12:28:14 -0400 (EDT)
Hi Paul,

> modem provider's netblock. A scanner won't pick that up unless it's

Sure.

> The Web server admin adds a new IIS mapping for .xyz files that does the

Yeah.

> The vulnerability is damaging enough that a non-destructive test isn't

But of course. What about? Company policy: no FTP servers on the Internet-exposed servers. IT staff checks the servers THEY DEPLOYED for FTP - none has it. Somebody else deploys a box with FTP without telling the IT dept. A vuln scanner will pick it up (if the FTP server is vulnerable). An audit of the KNOWN server configurations won't. Admittedly, one can argue that a good audit should also include periodic asset discovery, but that is beside the point.

> implementation verification. What's more, it's possible to validate things either manually or in an automated fashion, and it's possible to architect for easy validation.

Well, isn't 'VA scanning' a kind of "outside remote tool-based verification" ;-)

> It takes me about 10 minutes to manually configure a Linux server so that I'm fairly confident that it's as "hardened" as is necessary. It takes me

Same here. You and I might not need a scanner to verify the box just built. To verify the open ports with vulns on 100 servers will take 15x1000 min (based on your earlier estimate) of SCANNER time and not 2x1000 minutes of YOUR time. Now, we are not even talking of verifying boxes somebody else built.

My conclusions: scanners are good to find human errors (mostly silly mistakes, but that is beside the point; they might be silly, but still popular) in configs remotely. They make sense in addition to config verification, not instead of it.

Best,

--
Anton A. Chuvakin, Ph.D., GCIA
http://www.chuvakin.org
http://www.info-secure.org
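The FTP scenario in the message above (policy says no FTP on exposed servers; the config audit only covers the servers IT knows about; a scanner sees the whole netblock) can be made concrete with a small reconciliation script. This is an added example, not code from the thread or from any of its participants: the inventory, the scanner output, the IP addresses (RFC 5737 documentation range) and the port-to-policy mapping are all constructed for illustration. It runs a config audit over the documented servers, parses scanner output for the same netblock, and reports the three things the audit alone cannot: hosts nobody documented, forbidden services on exposed hosts, and ports that are open but not in the documented configuration.

```python
# Added example (not from the thread): reconcile a configuration audit of
# KNOWN servers against what a network scanner actually observed, to show
# the gap the message describes. Hosts, ports and policy are constructed.
from dataclasses import dataclass, field

# Policy from the thread: no FTP on Internet-exposed servers.
# Mapping port -> service name is an assumption for this example.
FORBIDDEN_ON_EXPOSED = {21: "ftp"}


@dataclass
class KnownServer:
    ip: str
    owner: str
    exposed: bool                     # reachable from the Internet?
    documented_ports: set = field(default_factory=set)


# The IT department's inventory: servers THEY deployed (constructed data)
INVENTORY = [
    KnownServer("192.0.2.10", "it-dept", True, {22, 80, 443}),
    KnownServer("192.0.2.11", "it-dept", True, {22, 443}),
    KnownServer("192.0.2.50", "it-dept", False, {22, 21}),  # internal FTP: allowed
]

# Scanner output for the whole netblock (constructed; "ip port state" per line).
# 192.0.2.11 grew an FTP daemon nobody documented; 192.0.2.77 is a box IT
# never deployed and knows nothing about.
SCAN_OUTPUT = """\
192.0.2.10 22 open
192.0.2.10 80 open
192.0.2.10 443 open
192.0.2.11 22 open
192.0.2.11 443 open
192.0.2.11 21 open
192.0.2.50 22 open
192.0.2.50 21 open
192.0.2.77 21 open
192.0.2.77 80 open
"""


def parse_scan(text):
    """Return {ip: set(open_ports)} from the constructed scanner lines."""
    observed = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, port, state = line.split()
        if state == "open":
            observed.setdefault(ip, set()).add(int(port))
    return observed


def config_audit(inventory):
    """Audit only the KNOWN servers against policy, using their documented
    configuration. This is all a config review can see: it cannot flag a
    host or a service that nobody wrote down."""
    findings = []
    for s in inventory:
        for port, name in FORBIDDEN_ON_EXPOSED.items():
            if s.exposed and port in s.documented_ports:
                findings.append((s.ip, f"{name} documented on exposed host"))
    return findings


def reconcile(inventory, observed):
    """Compare scanner observations with the inventory.
    Returns (unknown_hosts, policy_violations, undocumented_ports)."""
    known = {s.ip: s for s in inventory}
    unknown_hosts, violations, drift = [], [], []
    for ip, ports in sorted(observed.items()):
        s = known.get(ip)
        if s is None:
            unknown_hosts.append(ip)
        else:
            # open ports the documented config does not account for
            drift.extend((ip, p) for p in sorted(ports - s.documented_ports))
        # An undocumented box is treated as Internet-exposed until someone
        # can show otherwise, so it is checked against the same policy.
        if s is None or s.exposed:
            violations.extend((ip, name) for port, name in FORBIDDEN_ON_EXPOSED.items()
                              if port in ports)
    return unknown_hosts, violations, drift


if __name__ == "__main__":
    observed = parse_scan(SCAN_OUTPUT)
    print("config audit of known servers:", config_audit(INVENTORY))
    unknown, viol, drift = reconcile(INVENTORY, observed)
    print("hosts not in inventory:", unknown)
    print("forbidden services on exposed hosts:", viol)
    print("open ports not in documented config:", drift)
```

Run as is, the config audit returns nothing (every documented server complies), while the reconciliation reports 192.0.2.77 as an unknown host, FTP on both 192.0.2.11 and 192.0.2.77 as policy violations, and port 21 on 192.0.2.11 as undocumented drift. That is exactly the division of labour the message argues for: the audit checks what was meant to be deployed, the scanner catches what actually got deployed, and the two are complements rather than substitutes.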