Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1998

NFR Wizards Archive: RE: Penetration testing via shrinkware

RE: Penetration testing via shrinkware

Gary Crumrine (gcrumus-state.gov)
Thu, 3 Sep 1998 14:02:05 -0400

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Dominique Brezinski: "Re: Penetration testing via shrinkware"
Previous message: Paul McNabb: "Re: password aging"
Next in thread: Christopher Nicholls: "RE: Penetration testing via shrinkware"
Reply: Christopher Nicholls: "RE: Penetration testing via shrinkware"

Interesting points of view. And I agree with every comment mad so
far by Bennett and others. But one thing strikes me sort of funny,
is that many respected, well known people with reputations in the
industry tend to have a different perspective on this issue, than the
poor business owner or some division head who has just been handed
the new "Project".

You have to remember that there is a critical shortage of truly
knowledgeable individuals available to help them along. In these
cases, and if research statistics on the future is any indication,
then I think that this sort of product is indeed a handy little tool,
and will reap a lot of $ for somebody.

I think there are a lot more people out there that don't have a clue
than the good guys. Which makes for a very nice market to sell your
whares if you make one of these products. If nothing more than
produce those nice tree killing reports that the client's management
likes to see.

More importantly, is how dangerous they may become when they get a
little bit of smarts under their belts and bra straps.
-----Original Message-----
From: Bennett Todd [SMTP:betmordor.net]
Sent: Thursday, September 03, 1998 10:35 AM
To: Stout, Bill; Firewall-wizards
Subject: Re: Penetration testing via shrinkware

Automated software scanners are useful tools for scanning many
machines.

If all you're interested in is a single machine, you can look at it
by hand
quicker than you can configure an automated scanner, and do a more
thorough
job.

But if you want to check up on hundreds or thousands of hosts, an
automated
scanner is a must. An automated scanner is therefore good for raising
the
overall security of all the machines on a large network, up above
some low
baseline threshhold. If you get the very best security scanner, that
baseline
may even be slightly above the level hit by automated burglarly tools
currently in circulation --- though I wouldn't want to bet on it.

-Bennett

Next message: Dominique Brezinski: "Re: Penetration testing via shrinkware"
Previous message: Paul McNabb: "Re: password aging"
Next in thread: Christopher Nicholls: "RE: Penetration testing via shrinkware"
Reply: Christopher Nicholls: "RE: Penetration testing via shrinkware"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:46 CDT