Full Disclosure mailing list archives
Re: automated vulnerability testing
From: "Jonathan A. Zdziarski" <jonathan () nuclearelephant com>
Date: Mon, 01 Dec 2003 13:47:01 -0500
Quite a flaw in logic there, I'm sure you meant;
Actually I was referring to the general laziness of sysadmins who would rather throw up a firewall in lieu of (instead of in addition to): - Performing general OS hardening - Reconfiguring daemons that don't need to run as root - Chroot'ing processes such as pop3 and rpcbind - Shutting down processes that don't need to run at all - Installing IDS and local filtering - Running tools such as tripwire to make sure their system hasn't already been hacked - Performing any type of system auditing the list goes on _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: automated vulnerability testing Ron DuFresne (Dec 01)
- Re: automated vulnerability testing Jonathan A. Zdziarski (Dec 01)
- Re: automated vulnerability testing Michael Gale (Dec 01)
- RE: automated vulnerability testing Bill Royds (Dec 03)
- <Possible follow-ups>
- Re: automated vulnerability testing Chris Adams (Dec 01)