Full Disclosure mailing list archives
RE: Top 15 Reasons Why Admins Use Security Scan ners
From: Ron DuFresne <dufresne () winternet com>
Date: Fri, 30 Apr 2004 11:48:01 -0500 (CDT)
On Wed, 28 Apr 2004, Starford, Christopher D. wrote:
Harlan, I believe many true IT Security Auditors out there would agree that your wrong on this one.
Yet, audits in the corp env's tend to focus not on IT nor security, but bean-counting. I've seen as HYarlan mentions that the vast majority of auditors have been of the finnancial category, and clueless about IT and it's processes and such. Now, this is not the auditors fault, but managments, as well as that of the partnering companies that make the request and hire in the wrong folks. Of course then there are the snack-oil IT folks, those that pentest and such with a point and click tool and canned report. A thourough IT sec audiit requires that the audirot become familiar with the org being audited and actually look into system configs. There are many issues in how systems are confuifugered that a point and launch tool are not going to uncover and a canned report will not mention. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Top 15 Reasons Why Admins Use Security Scan ners Starford, Christopher D. (Apr 28)
- RE: Top 15 Reasons Why Admins Use Security Scan ners Harlan Carvey (Apr 28)
- RE: Top 15 Reasons Why Admins Use Security Scan ners Ron DuFresne (Apr 30)
- RE: Top 15 Reasons Why Admins Use Security Scan ners Ron DuFresne (Apr 30)
- <Possible follow-ups>
- RE: Top 15 Reasons Why Admins Use Security Scan ners Stuart Fox (DSL AK) (Apr 28)
- RE: Top 15 Reasons Why Admins Use Security Scan ners Harlan Carvey (Apr 28)
- RE: Top 15 Reasons Why Admins Use Security Scan ners Frank Knobbe (Apr 28)
- Re: Top 15 Reasons Why Admins Use Security Scan ners Jeremiah Cornelius (Apr 28)
- RE: Top 15 Reasons Why Admins Use Security Scan ners Harlan Carvey (Apr 28)
- RE: Top 15 Reasons Why Admins Use Security Scan ners Vanish Pattni (DSL AK) (Apr 28)
- RE: Top 15 Reasons Why Admins Use Security Scan ners Harlan Carvey (Apr 28)