[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners



It depends on who you get.  At a previous job I was once asked to provide a
printout of the file permissions of every file on every system.  After
delivering I think it was four cartons of paper for one system, I think he
changed his mind because he didn't ask for the other systems.

But the best ever was from a goverment auditor doing a securities
investigation.  Said auditor wanted all transactions between us and XXX
between such and such dates.  Ok, we said, what format tape do you want it
on?  They insisted on a printout.  So, I think it was 14 cartons of 8.5x11
paper.  A few months later we asked them how they were doing.  They said
that they were having difficulty (AND I KID YOU NOT) OCR'ING IT BACK INTO
ELECTRONIC FORMAT.  Now think about this.  Every transaction is a series of
about 80-120 numbers of accounts, stocks, amounts, etc.  Given an OCR
accuracy of 90% (this was the early 90's), every line that they OCR'ed in
had an error on it.  Not very useful for searching for illegal trading.

-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx]On Behalf Of Starford,
Christopher D.
Sent: Wednesday, April 28, 2004 3:55 PM
To: 'Harlan Carvey'
Cc: 'full-disclosure@xxxxxxxxxx'
Subject: RE: [Full-Disclosure] Top 15 Reasons Why Admins Use Security
Scan ners


Harlan,
 
I believe many true IT Security Auditors out there would agree that your
wrong on this one.

> -How will I ever pass my IT Security Audits?
>  
> Don't worry about it...most audits don't seem to have
> an IT background, and even when they do, they don't
> take the time to understand your business processes or
> your network infrastructure.

__________________________________________________
Christopher D. Starford
SAIC Enterprise Security Sulutions

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.         
*****************************************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html