lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: frank at knobbe.us (Frank Knobbe)
Subject: Top 15 Reasons Why Admins Use Security Scan
	ners

On Wed, 2004-04-28 at 17:04, Harlan Carvey wrote:
> > Someone should be.  Admins should be to confirm that
> > their environment is in
> > the state that they believe it to be.
> 
> I guess we'll have to agree to disagree.  In my
> experience, the guy who set a system up shouldn't be
> the one to inspect it, or verify it.  

and
 
> With regards to the rest of your comments, I think
> you're missing the point.  I'm not saying that a
> security scanner shouldn't be run...I just don't think
> that admins should be the ones to run the scanner.



Heya Harlan, long time.

I think you are missing the point. I don't think Stuart is saying that
the admins should also be the auditors. But they should run scanners and
other security tools to verify that they did their job correctly. But
only to the extend to make corrections and such. They should not perform
an "audit" per se.

You still need independent (either outside the company or an audit
department) that runs those tools (and more) themselves during the audit
that will generate a report to management. This is probably what you are
thinking of. 

I don't think we're saying admins should audit themselves. But admins
should run tools to ensure that they did their job ok.

Cheers,
Frank

-- 
Warning at the Gates of Bill:  
Abandon hope, all ye who press <ENTER> here...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040428/5fd65009/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ