-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 28 April 2004 14:25, Stuart Fox (DSL AK) wrote: > And some more things for you to think about > > > Just some things to think about... > > > > > Top 15 Reasons Why Admins Use Security Scanners > > > > Question: Should admins be using security scanners? > > Someone should be. �Admins should be to confirm that their environment is > in the state that they believe it to be.
Yes! I look at software development for an analogy. Just because developers should not be tasked with maintaining metrics and configurations for validating QA targets, it does not follow that they shouldn't 'smoke-test' or perform individual unit checks against the derived objects of code they are about to commit. It would be irresponsible /not/ to check... But having done so, development is not entitled to the claim that the code is defect free, and meets all requirements. The independent validation and measurement is still requisite. So Admins can claim "due care" - without asserting policy compliance or eliminating audit requirements. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAkGsiJi2cv3XsiSARAuR+AKDMbGGSFsbovcoSijaJjmRp4EVnHACgkOwT qRyyjk6MfJwirJlESookl90= =qf2F -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
