In fact, software won't catch the little things, like the PC / dumb terminal or whatever that is left always logged in next to the unlocked, uncontrolled back entrance. > Merely scanning ports does not a security audit make. In > fact, scanning > ports is one of the minimalist appraoches > to an audit. The audit takes much more into consideration, > including how the folks on the network go about doing their > chores. Locking down the hosts and then letting some admin > telnet the world and toss the same passwords about in plain text > means yer still wide open to possible exploitation. all trust > relationships near the perimiter at the leat need to be > assessed as well. > And this is still just touching the tip of the iceberg... Bob Gerrish - [EMAIL PROTECTED] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
