> and besides, does your class cover securing the OS of the
> box, or just CF?

I'm kind of hurt that you didn't read the description. Sigh. Oh well.

The course covers secure installation of NT/2K, secure configuration of services (IIS, CF, and every other service for that matter), web application configuration issues (including the CF Administrator application), web application code issues (input filtering, etc), and secure management (auditing, logging, filesystem integrity checking, remote control application configuration and use).

> does it include a full vulnerability assessment of the
> client network?

Nope. Frankly, I'm not qualified to do that. While I'm a knowledgeable amateur in that area, I'd be reluctant to perform any serious vulnerability assessment of a client's network. I'm capable of running nmap and the like, but that hardly makes me a professional. I am conversant with people who are very well qualified to do that; it's worth noting that I haven't seen yet the automated tool which can do the entire job.

The above-mentioned course focuses on host-based security; it doesn't cover general network security issues, except to raise the point that those issues should be addressed by the appropriate professionals. However, when setting up a "bastion host", you try to eliminate as many dependencies on external resources as possible; by doing this, you can minimize (not eliminate, though) the concerns raised by general network security issues.

Here in DC, Ernst & Young had a respected "ethical hacker" arm, which does "tiger team" penetration. They used to offer courses, but I think the core group went on to create their own dedicated security company.

> and a flight to new zealand? :)

I've got no response for that.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

