Full Disclosure mailing list archives
RE: Top 15 Reasons Why Admins Use Security Scanners
From: Harlan Carvey <keydet89 () yahoo com>
Date: Wed, 28 Apr 2004 11:54:43 -0700 (PDT)
Just some things to think about...
Top 15 Reasons Why Admins Use Security Scanners
Question: Should admins be using security scanners?
This list has been compiled by emailing various Security/Admin lists... Anyone care to offer their input - add to the list?
-Am I sure that I have found all vulnerabilities in my network?
-Have I configured my network properly?
What's your policy say? If you're relying on a security scanner to define proper network configuration, maybe you're in the wrong line of work.
-Am I finding and closing security holes fast enough?
With proper policies and procedures in place, it's not a matter of finding and closing holes fast enough. Some Microsoft guys (Dave LeBlanc included) set up an IIS 4.0 web server on NT a full year before Code Red came out, and from the time it went live, it was immune to Code Red. Why? The ida/idq script mappings were unnecessary functionality and therefore disabled.
-How do I know which machines have a missing patch?
What is your patch management process?
-Are we resistant enough to network-savvy viruses that spread via known exploits?
What is "resistant enough"? You can roll out Norton on your email server (and other servers) as well as on your desktops, and manage them all from a central location, pushing out updates as they become available? Do you? A security scanner won't tell you if you do or not.
-Are we in compliance with HIPAA, Sarbanes-Oxley and other regulations?
The only way a security scanner will tell you this is if it's compliant, as well.
-What have I missed in locking down a server or environment?
What do your policies and procedures say?
-Do I have my network perimeter and interior sufficiently protected?
-Have I identified and protected my network resources from external threats?
-Do I know which systems are now well protected?
-How vulnerable are we from the inside?
From what threat? Are you referring to users, or to admins?
-How will I ever pass my IT Security Audits?
Don't worry about it...most audits don't seem to have an IT background, and even when they do, they don't take the time to understand your business processes or your network infrastructure.
-How do I locate computers on my network, that are not within compliance?
-How do I report to Management that we have done all we could to lock down?
Very carefully. IT guys and management don't speak the same language.
-How do I detect unknown and/or rogue devices/connections?
By understanding your infrastructure. If you know what IP address ranges are assigned and to where, then you'll know that whatever device is on 10.2.1.52 shouldn't be responding to ICMP...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html