Hey! My heart's good as gold, it's that damn voice in my head. It tells me
to do things, agghhhhh!

More seriously though, I understand and agree with much of what you are
saying. As part of my job I perform local security scans and audits as well
as serve on a security response team. On the other hand, I like to play the
devil's advocate and engage in friendly conversation about topics such as
this. If we sit in our offices and pretend to know it all then we're doomed
to fail.

Steve
-----Original Message-----
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 06, 2000 11:15 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Security holes revisited

I'd argue that it depends on intent. Since I can't determine what's inside
your head, I'd judge your intent based on my observation of your behavior.
I'm more likely to see a port scan, and I'm more likely to suspect malice,
than if you used an HTTP client to connect to an HTTP service, etc.

Deep down in your black little heart, though, you could certainly be one of
the most malicious, yet supremely patient, criminal minds, and I just
wouldn't know it. That's a problem we can't solve. We have to judge intent
by observed behavior.

We've already discussed ethics. It may be legal or illegal, depending on
your arrangement with your host. If that arrangement doesn't cover port
scans, be prepared to explain yourself (and if you can, do it in advance).

The network admins are in the best position to do this; they're the ones
with the tools to notice scans across multiple addresses, and they can
monitor all the network traffic through one or two points through which it
will all cross.

As for NT server admins, guilty as charged. Many NT sysadmins don't know
very much, but that's the appeal of NT - you don't have to know very much,
and I think that's a good thing, generally.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444