[rescue] Do you remember when? Security software.....

Daniel de Young daniel at velvetsea.com
Fri Aug 8 13:32:46 CDT 2003

On Fri, 2003-08-08 at 10:11, Walter Belgers wrote:
> Michael A. Turner wrote:

> You cannot do a good security audit on your own network..

IMHO, with proper baselining you CAN run a good security audit on your
own network.  The caveat is the person running the audit.  The problem
is that for management, they never know if the person running the audit
is out to cover their own ass or really interested in proper security. 
In a smaller company with limited resources and a good security minded
admin, internal audits are recommeded and totally necessary.

The problem with outside auditors (of which I'm one) is that you all
know your networks better than I do.  Security is always "primarily" in
the hands of the everyday admins and users of a network.  They will
notice things that an auditor will pass right over.

> If they run the tools above, they are not necessarily frauds. If the
> report they write is basically a nessus output then yes, they're frauds.
> If you want to prevent frauds coming in, why not ask the company for a
> sample report and see what their modus operandi is?

I totally agree.  Auditing and Incident Handling is *very* tool
focused.  If you're a tech type, you'll notice that part.  A good
analyst will exhibit a thorough approach and follow through AND know how
to document it well.

my 2 cents


More information about the rescue mailing list