<x-flowed>At 09:45 PM 2/3/01 -0800, Mike Sensney <[EMAIL PROTECTED]> wrote:
>At 01:27 PM 02/03/2001 -0800, Mike Noyes wrote
>
>>At 12:36 PM 2/3/01 -0800, Mike Sensney <[EMAIL PROTECTED]> wrote:
>>>Instead, why not test our "standard" distributions against the list of
>>>well-known Internet scanning services? For example: the WebSaint scanning
>>>service. Cost for a complete scan of a single workstation/server
>>>unlimited usage is $50 for 3 months or $100 for 1 year. Then post links
>>>to the scan results and to the scanning services that performed the
>>>tests. You could also test the distributions with various LRP packages loaded.
>>
>>Mike,
>>Is this what you had in mind?
>
>Close. My idea is that somebody not connected with LEAF/LRP do the
>security checking. A security audit as performed by WebSaint (among
>others) would give us a "standard" audit we can brag about and that
>ordinary people can verify: Go to WebSaint, pay $50 for 3 months unlimited,
>ask for a complete scan to be performed. We should even suggest that they
>can go to https://grc.com/x/ne.dll?bh0bkyd2 and do the free "Shields Up!"
>quick security survey of their current setup, which in most cases will be
>a naked Win box on the Internet.

Mike,
Internet based scanners are great for testing the external interface, but
they do nothing to test the internal ones. You're right, I should have
mentioned WebSaint (are they still offering a free single machine scan?).
Are there any other free sites that don't use NMAP? Last time I looked at
this, most of the Internet based scanners were using NMAP.

>It would also be a good idea to explain the shortcomings of LRP. LRP is a
>network protecting tool. You still need virus scanners and such to protect
>individual computers from other sources of nastiness. See
>http://grc.com/lt/scoreboard.htm for some interesting info on "personal"
>firewalls.

Good idea for a FAQ.

>>https://sourceforge.net/pm/?group_id=13751
>>Security
>>Task ID: 25528
>>Summary: Test releases with NMAP and Nessus
>
>(Add Saint to this list.)
>
>I would say that scans by NMAP, Nessus and Saint are also a good idea.
>This would give our products another layer of security checking. But if I
>have to choose between internal vs external audits, I would still choose
>external. (If our in-house tester makes a mistake it reflects badly on us.
>If WebSaint makes a mistake...well, it's not our fault.)

Please add this comment to task id 25528. Thanks.

>BTW, we can always create our own professional association with its own
>firewall certification criteria. How about the YAFCA? (Yet Another
>Firewall Certifying Association)
--
Mike Noyes <[EMAIL PROTECTED]>
http://leaf.sourceforge.net/
</x-flowed>