Firewall Wizards mailing list archives
RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 22 Aug 2002 04:23:07 -0400 (EDT)
On Thu, 22 Aug 2002, Crispin Harris wrote:
One could also argue that according to the practice of only allowing what is needed and blocking all else, some sort of access control should be in place that prevents FTP traffic from ever getting to that server. FTP traffic beyond that of authorized servers should be denied at the perimeter. An audit of your security practices would tell you whether you have denied all FTP. A scanner can only tell you that host w.x.y.z is running an FTP server and you can access it.

This is a useful piece of information in itself, as it says 2 things directly, and several more indirectly:

1) FTP is not sufficiently limited.
2) w.x.y.z is running an FTP server.

also:

a) Your ingress filters are not correct
b) Your ingress filters have probably not been reviewed recently (supposition)
There are so many companies that have no ingress filters; they, as Marcus will state, not only don't care much about what passes inside, they additionally have no clue as to what is passing inside.
c) w.x.y.z is an "interesting system". This is grounds for a closer investigation.
d) w.x.y.z's administrator is not complying with SecPol.
There are far too many companies that do not see this as anything of major significance; we've seen so many messages in the lists over the years about some admin or employee running some non-work related app from their desktop or server that allows them to do instant messaging or share mp3's across the perimeter... <Subject: How do I stop such and such traffic from passing the firewall I'm charged with maintaining>
e) system & network documentation is probably not accurate.
f) how did w.x.y.z get onto a controlled network in the first place? (investigation/politics).
<smile> One major provider with a foot in the security realm has had troubles getting folks to submit machines for the various security groups' stamps of compliance, due in part to the fact none of the requirements were documented. In trying to locate documents for various groups I was charged with supporting and auditing for compliance to the corp policies, I made it up to the upper manager level of the various security related groups only to hear: Yes, we have been planning for the last two to five years now on getting that documentation together, but we just have not gotten around to it yet. Of course doing that documentation would impact their web surfing...
This is then an example of the usefulness of {port, network, vulnerability} scanners. Like any other tool, the use/existence of a particular tool should not be substituted for intelligence and/or informed investigation.
[SNIP]

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
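The inferences listed in the message above (a reachable service that policy does not allow, a host nobody documented) can be produced mechanically by reconciling scanner output against the list of authorized services. The following is an added example, not part of the original message or thread: it assumes the scanner writes nmap grepable (-oG) output, and the policy entries, addresses and scan lines are all constructed.

```python
# Added example; policy entries and scan lines below are constructed.
AUTHORIZED = {            # (host, tcp port) pairs allowed through the perimeter
    ("192.0.2.10", 21),
    ("192.0.2.20", 25),
    ("192.0.2.20", 443),
    ("192.0.2.30", 21),
}

SCAN_OUTPUT = (           # assumed format: nmap grepable (-oG) output
    "# constructed sample scan from outside the perimeter\n"
    "Host: 192.0.2.10 (ftp.example.com)\tPorts: 21/open/tcp//ftp///, 22/filtered/tcp//ssh///\n"
    "Host: 192.0.2.20 (mail.example.com)\tPorts: 25/open/tcp//smtp///, 443/open/tcp//https///\n"
    "Host: 192.0.2.77 ()\tPorts: 21/open/tcp//ftp///, 6699/open/tcp/////\n"
)


def parse_open_ports(text):
    """Return {(host, port): service} for every TCP port reported open."""
    found = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue                      # skip comment and summary lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(","):
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[1] == "open" and parts[2] == "tcp":
                    found[(host, int(parts[0]))] = parts[4]
    return found


def reconcile(authorized, scan_text):
    """Compare what the scanner reached with what policy says is reachable."""
    seen = parse_open_ports(scan_text)
    known_hosts = {host for host, _ in authorized}
    return {
        # reachable but not authorized: filter gap or policy violation
        "unauthorized": sorted(k for k in seen if k not in authorized),
        # host absent from policy entirely: stale documentation or rogue host
        "undocumented_hosts": sorted({h for h, _ in seen if h not in known_hosts}),
        # authorized but not reachable: documentation drift the other way
        "not_observed": sorted(authorized - set(seen)),
    }


if __name__ == "__main__":
    for finding, items in reconcile(AUTHORIZED, SCAN_OUTPUT).items():
        print(finding, items)
```

Each finding is a prompt for the follow-up investigation the message describes; the script only says where the scan and the policy disagree, not why.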