NFR Wizards Archive: Re: Penetration testing via shrinkware

Re: Penetration testing via shrinkware


Crispin Cowan (crispin@cse.ogi.edu)
Fri, 18 Sep 1998 00:44:34 -0700


tqbf@pobox.com wrote:

> > person/company for the job... Problem is, which tools and which people do
> > you trust? Sounds like the subject of certification and accreditation comes
> > back into play...
>
> Scanners are probably much easier to certify than firewalls (which
> probably can't be meaningfully certified at all).

I beg to differ. A firewall can at least theoretically be verified: if it is
formally proven to enforce a policy of (say) allowing through traffic on ports X
and Y, and no others, then the firewall is verified. A scanner, on the other
hand, can never be verified, because the potential list of vulnerabilities that
it could reasonably be expected to check for is infinite. Scanners can never be
complete, because the space of possible mis-configurations and buggy software
knows no bounds.

Crispin
-----
 Crispin Cowan, Research Assistant Professor of Computer Science, OGI
    NEW: Protect Your Linux Host with StackGuard'd Programs :FREE
       http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/

                 Support Justice: Boycott Windows 98
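The firewall half of Crispin's argument can be made concrete: because the space of (protocol, port) pairs is finite, a rule set can be checked exhaustively against a stated policy such as "allow TCP 25 and TCP 80, nothing else", and any rule that over-permits, under-permits or is shadowed shows up as a concrete counterexample. The following is an added example, not code from the thread or from any product it mentions; it assumes a simplified first-match, default-deny packet filter keyed only on protocol and destination port, and the rule sets and policy are constructed for illustration.

```python
"""Exhaustive verification of a small firewall rule set against a stated policy.

Assumed (hypothetical) filter model: rules are evaluated first-match, the
filter looks only at protocol and destination port, and traffic matching
no rule is denied. Ports 0-65535 over TCP and UDP form a finite universe,
so 'allows exactly the policy set' can be decided by enumeration.
"""
from dataclasses import dataclass
from itertools import product
from typing import Optional, Set, Tuple, List

PROTOCOLS = ("tcp", "udp")
Flow = Tuple[str, int]  # (protocol, destination port)


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: Optional[str]   # None matches any protocol
    port_lo: int
    port_hi: int

    def matches(self, proto: str, port: int) -> bool:
        return (self.proto is None or self.proto == proto) and \
               self.port_lo <= port <= self.port_hi


def decide(rules: List[Rule], proto: str, port: int) -> str:
    """First-match semantics; anything unmatched falls to default deny."""
    for rule in rules:
        if rule.matches(proto, port):
            return rule.action
    return "deny"


def allowed_set(rules: List[Rule]) -> Set[Flow]:
    """Enumerate the entire protocol/port space and collect what gets through."""
    return {(proto, port)
            for proto, port in product(PROTOCOLS, range(65536))
            if decide(rules, proto, port) == "allow"}


def verify(rules: List[Rule], policy: Set[Flow]):
    """Return (ok, over_permitted, under_permitted).

    ok is True only when the rule set admits exactly the policy set.
    over_permitted lists flows the rules allow but the policy forbids;
    under_permitted lists flows the policy requires but the rules block.
    """
    actual = allowed_set(rules)
    return actual == policy, actual - policy, policy - actual


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because earlier rules cover them."""
    dead = []
    for i, rule in enumerate(rules):
        protos = PROTOCOLS if rule.proto is None else (rule.proto,)
        reachable = any(
            all(not earlier.matches(p, port) for earlier in rules[:i])
            for p in protos for port in range(rule.port_lo, rule.port_hi + 1))
        if not reachable:
            dead.append(i)
    return dead


# Constructed policy: only SMTP and HTTP over TCP may pass.
POLICY: Set[Flow] = {("tcp", 25), ("tcp", 80)}

# Constructed rule sets for the checker to judge.
GOOD_RULES = [Rule("allow", "tcp", 25, 25),
              Rule("allow", "tcp", 80, 80),
              Rule("deny", None, 0, 65535)]

SLOPPY_RULES = [Rule("allow", "tcp", 25, 25),
                Rule("allow", "tcp", 80, 89),   # typo: range instead of a single port
                Rule("deny", None, 0, 65535)]

SHADOWED_RULES = [Rule("deny", None, 0, 65535),  # catch-all placed first
                  Rule("allow", "tcp", 25, 25),
                  Rule("allow", "tcp", 80, 80)]

if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("sloppy", SLOPPY_RULES),
                        ("shadowed", SHADOWED_RULES)):
        ok, extra, missing = verify(rules, POLICY)
        print(f"{name}: ok={ok} over={sorted(extra)} under={sorted(missing)} "
              f"dead_rules={shadowed_rules(rules)}")
```

The point of the contrast with scanners is visible in `allowed_set`: the check is decidable because the loop has a finite bound. A scanner's check list has no such universe to enumerate, so the most that can be certified about it is that it correctly detects the specific conditions on its list, never that the list is complete.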



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:46 CDT