Firewall Wizards mailing list archives
RE: Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: "Kalat, Andrew (ISS Atlanta)" <akalat () iss net>
Date: Thu, 22 Aug 2002 12:52:10 -0400
When users bypass technology controls, policies need to take over. "Mr. Consultant, you're fired for taking deliberate action to bypass security controls and jeopardizing this corporation."
Ah, how I wish that were the case. :) So many companies I've seen it go like this:

Security: Hey! You can't do that! You just violated the policies! HR, get 'em!
Revenue Generating Employee (RGE): I needed to do it to help a customer, go away.
RGE's Boss: Yeah, it was necessary. Geez, you security guys really don't want us to be successful, do you?
HR: <silence>

So, I agree! 100%! Unfortunately a lot of companies don't, right or wrong. So at least it's helpful to find it and get rid of it, even if there are no consequences that give the policies any bite. Sure, companies like that suck, but they are more plentiful than I care to admit.
I likewise feel scanners, with constantly updated signatures, run regularly, can enhance the abilities of a security department. Scanners should not be viewed as a replacement or a band-aid for missing security processes / procedures.
You got it. It's unfortunate if you find yourself in a company without mature and enforced policies.

---------------------------------------------------------
Andrew J. Kalat,                | Direct:(404)236-2713 | Main: (404)236-2600
Internet Security Systems, Inc. | E-Mail: akalat () iss net
6303 Barfield Road              | <http://www.iss.net/>
Atlanta, GA 30328               | PGP key available.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards