Firewall Wizards: RE: RE: In defense of non standard ports

RE: RE: In defense of non standard ports

From: R. DuFresne <dufresne_at_sysinfo.com>
Date: Sun, 19 Feb 2006 21:43:59 -0500 (EST)

On Thu, 2 Feb 2006, Bill Royds wrote:

> -----Original Message-----
> From: firewall-wizards-admin_at_honor.icsalabs.com On Behalf Of Paul D. Robertson
>
> On Fri, 27 Jan 2006, R. DuFresne wrote:
>
>> Now to the end of the statement, do they have pull with mgt? Well, they
>> are pulling in a far different direction the more they tend to ruffle
>> whole departments by crying wolf <sorry, no, that trojan port your nessus
>> scan spotted means less this month than it did last month when you spewed it
>> up the mgt hill on our RACF mainframe; or sorry, no, your nessus skills are
>> not truly honed if you think pcanywhere is running on that solaris box>.
>
> But it's a long climb from "Hey, you're a computer person, here's a
> security hat" to "Hey, let's hire some security people."

Sometimes it is, sometimes it's just a joke. The security folks have to
have some real basis of knowledge beyond a cert, they need to know the
OS<s> they are dealing with, and how those/that OS<s> do their "talking to
the world", and how to silence it when it should be. Lacking that, you
gain nothing in hiring a security hat that can't put the hat on let alone
do the job.

> That's a big
> jump forward. NOW we need to direct that energy more productively. That's
> why I think we need to go back and start rattling firewall ruleset cages
> instead of looking at shiny IDS reports; we've now got to get some
> common, solid, understood security baseline industry-wide, otherwise we
> all get painted with the "ineffective" brush.
> ---------------------
>
> I have just started to teach a course in computer/information security to people
> studying for a community college diploma in (physical) security management. They
> are not computer types but are much more aware of the principles of security
> than most computer people. Perhaps these are the people to help get computer
> security out of the bench jockey mode and into the "this is a priority in how we
> run this organization" mode.
> Interestingly, with respect to non-standard ports: yesterday I explained that
> computer ports are somewhat like doors and loading bays in a building. One of
> the principles of physical security is that you should never allow a door to be
> unlocked without authorization (either a guard or an authorized person with the
> key). They were aghast when I explained that some systems let people arbitrarily
> add new ports to their servers without a security review of the necessity. It
> would be a firing offence to have someone decide that they could leave a loading
> dock open all week just so that someone could deliver something next Saturday.
>

Even if a security hat was hired with lacking skill, provided they were
encouraged to test, try and learn, let alone sent to courses and/or
conferences to trade and gain skills, that would be a plus. In gov
positions often the funds are lacking, or mgt has no real clue but hires
"security hats" to cover butt, which gets a tad reddened when the
chit-hits-the-fan and they discover their erred ways in not knowing what
was required in the job in the first place when hiring. Now there were
certainly a few skilled folks from inside that applied, but for reasons
unknown to others, 'cept perhaps not wanting to pay for the knowledge, they
were passed by, and instead we have folks not even up to the par of
beginning admins tasked now with all I can describe as "pissing off
folks".

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant: sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 20 2006