|
Firewall Wizards
mailing list archives
Re: concerning ~el8 / project mayhem
From: Dave Piscitello <dave () corecom com>
Date: Thu, 22 Aug 2002 14:50:03 -0400
At 02:22 PM 8/22/2002 -0400, you wrote:
Indeed. So what you are saying is that the scanners are a crutch that
lets you avoid raising your competency.
Not at all, and in fact, quite the opposite. Not certain if you're trying
to bait me here, but of course, there's a "let the tool help the lazy avoid
improving himself" aspect to scanners, but lazy is as lazy does. I'm not
lazy, and I find them useful.
They are tools. People with experience in one OS can get a jumpstart on
appreciating and learning the vulnerabilities of others.
The more useful ones not only identify vulnerabilities, but they provide an
explanation of the vulnerability. Many offer URLs to online documentation
explaining the risk, the nature of the vulnerability, exploits associated
with the vulnerability, locations where the vendor has posted the security
fix, service pack, whatever. I gather you've not used any of these?
Perhaps you could compare it to
- reading books with the term "hack" or "hackers" in the title
(search amazon.com for examples...)
Personally, I think these books tell you more about how to be as clever as
the kiddies that attack systems than they do about improving security of
systems. I prefer the "securing foo" titles. But quality scanners educate
you in similar ways to such books, if you take the time to do more than
"recommended action: change registry value X to Y".
- reading the vuln-dev mailing list
This is a good resource and very helpful when a scanner doesn't tell me
enough about the vulnerability to help me understand.
- reading the LINUX source code
Oh, come down from the lofty perch...this is an entirely elitist
perspective. The ratio of people who must be engaged in securing systems
vs. those capable of evaluating whether source correctly bounds data
structures approaches infinity.
- Following up on the Linux vendor advisories to see what changes they
made to the source to overcome the problems mentioned in the
advisories.
- Trying to fix the problems in the advisories yourself then comparing
with the published solutions
Begs the issue of having the skill to do this absent some additional
guidelines that some scanners do provide in a kinder, gentler step by step
manner than "read the F'in advisory and patch the source, or aren't you the
manly 'I grok Linux and C' type?"
- Reading the CVE database
If the CVE entry is referenced in the scanner, is this sufficient?
- Reading papers by Bhoem, Parnas, Hansen and the like (or perhaps
"Software Tools") on good technique and comparing it with some
published code.
(Some of the 'open source' code is exemplary in its grotty-ness)
This is unfortunately a luxury for many daily ops folks. Have you run or
worked in a NOC?
I don't drink beer, and besides, it doesn't pay the mortgage.
No, but I am guilty of frequently doing work out of friendship and I have a
charitable nature.
David M. Piscitello
Core Competence, Inc. &
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
|
Intro
