[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] automated vulnerability testing

To: Ron DuFresne <dufresne@winternet.com>
Subject: Re: [Full-Disclosure] automated vulnerability testing
From: "Jonathan A. Zdziarski" <jonathan@nuclearelephant.com>
Date: Mon, 01 Dec 2003 13:47:01 -0500

> Quite a flaw in logic there, I'm sure you meant;

Actually I was referring to the general laziness of sysadmins who would
rather throw up a firewall in lieu of (instead of in addition to):

- Performing general OS hardening
- Reconfiguring daemons that don't need to run as root
- Chroot'ing processes such as pop3 and rpcbind
- Shutting down processes that don't need to run at all
- Installing IDS and local filtering
- Running tools such as tripwire to make sure their system hasn't
already been hacked
- Performing any type of system auditing

the list goes on



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] automated vulnerability testing
  - From: Ron DuFresne <dufresne@winternet.com>

Prev by Date: Re: [Full-Disclosure] file inclusion (les visiteurs)
Next by Date: Re: [Full-Disclosure] IDS (ISS) and reverse engineering
Previous by thread: Re: [Full-Disclosure] automated vulnerability testing
Next by thread: Re: [Full-Disclosure] automated vulnerability testing
Index(es):
- Date
- Thread