[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Top 15 Reasons Why Admins Use Security Scan ners
- From: Jeremiah Cornelius <jeremiah@xxxxxxx>
- Date: Wed, 28 Apr 2004 19:40:34 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 28 April 2004 14:25, Stuart Fox (DSL AK) wrote:
> And some more things for you to think about
>
> > Just some things to think about...
> >
> > > Top 15 Reasons Why Admins Use Security Scanners
> >
> > Question: Should admins be using security scanners?
>
> Someone should be. Admins should be to confirm that their environment is
> in the state that they believe it to be.
Yes!
I look at software development for an analogy.
Just because developers should not be tasked with maintaining metrics and
configurations for validating QA targets, it does not follow that they
shouldn't 'smoke-test' or perform individual unit checks against the derived
objects of code they are about to commit. It would be irresponsible /not/ to
check...
But having done so, development is not entitled to the claim that the code is
defect free, and meets all requirements. The independent validation and
measurement is still requisite. So Admins can claim "due care" - without
asserting policy compliance or eliminating audit requirements.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAkGsiJi2cv3XsiSARAuR+AKDMbGGSFsbovcoSijaJjmRp4EVnHACgkOwT
qRyyjk6MfJwirJlESookl90=
=qf2F
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html