>One of the bosses got an independent security company to scan our network
>without telling me. (I caught them straight away at our firewall he. he.)
he he
>They seem to think it is sendmail and Washington state pop3/imapd (clearly
>it isn't).
cool
>They also think that PHP/FI and ColdFusion (specifically the
>viewexample.cfm) are installed on the server. Clearly they aren't as it only
>has the imail web server.
super
>They also think that being able to brute force the password for user ftp (on
>an anonymous ftp server) is a vulnerability, go figure........
Do you have FTP on the machine?
>My question is, are these people totally incompetent
They are very competent at false positives. vbg
How are they doing for true positives?
Removing the false positives, how do they rate your overall security?
What scanner do they use?
Have you scanned your net, and if yes, do you agree with what they find? If
not, why do they find their false positives?
Len
http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways