RE: Multiple Security Engineers Sharing Internet Scanner

Thu, 9 Dec 1999 14:04:30 -0800 


TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

Daniel,

        The first thing is use the website to limit who can scan what IP's and from
where.  The second thing is to be aware of, is that depending on your
network typology you may run into problems where filtering devices limit the
effectifiness of the scan.  Keep in mind however the scan is launched by the
website to it is where the webserver is located not where the person
requesting the scan is.
        If you do run into filtering devices, more than likely you will still be
able to connect to the common ports and run tests against those ports.

Brian


-----Original Message-----
From: Daniel B. Garrie [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 06, 1999 11:10 PM
To: Gary Flynn
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Multiple Security Engineers Sharing Internet Scanner


How would you go about implmenting such a structure given scanning when
people can plug in from ports perhaps in the library or run an internal
proxy server? What would be the point fo conducting such a scan?

daniel
ll the IP
names are assigned static.

On Fri, 3 Dec 1999, Gary Flynn
wrote:

>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
> [EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any
problems!
> --------------------------------------------------------------------------
--
>
> Brian Laing wrote:
> >
> >         Something I have done in the past is to actually use a website
to
> do
> > everything.  The website can be fully secured, and even use something
like
> > secure id or smart cards for authentication.  You then create a website
 that
> > will generate commandline scans and schedule them.
>
> Brian,
>
> What are the licensing implications of this? I'm planning a similar
> architecture for our campus.
>
> http://www.jmu.edu/info-security/engineering/proj/idr/cvas.htm
>
> thanks,
>
> Gary Flynn
> Security Engineer
> James Madison University
>

Daniel B. Garrie
email:[EMAIL PROTECTED]
icq#:52108157
aol:dbgsmooth

Reply via email to