Interesting.... Is this is the first critical for RDP?

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, March 13, 2012 1:23 PM
To: NT System Admin Issues
Subject: MS12-020 Patch Info, read up.


CVE-2012-0002: A closer look at MS12-020's critical issue - Security Research & 
Defense - Site Home - TechNet Blogs:

http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx



For admins, take a closer read at that one.

Cross post from Security lists from Sue Bradley SBS Queen :)

Happy patching.

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>

From: Ziots, Edward 
[mailto:ezi...@lifespan.org]<mailto:[mailto:ezi...@lifespan.org]>
Sent: Tuesday, March 13, 2012 11:49 AM
To: NT System Admin Issues
Subject: RE: Vulnerability scanning, and calling it a Pen test the rant 
continues

Yeah going to need it, got less time than CISSP to study for this one, but I 
know 3-5 domains cold from the CISSP so that is just a review, I just need to 
think about stuff through the auditors eyes. Looking for a pass the first time, 
and then off to C.E.H and CRISC in December. I have been thinking about the 
SANS certifications but I just don't see a clammering for them in the job 
places. I was looking to possibly go the GSNA route which would tie in with my 
CISA (when I get it)

GL On your GSEC re-cert you should ace that pretty easy, GCIH is a little 
harder but not unachieveable.

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Tuesday, March 13, 2012 10:04 AM
To: NT System Admin Issues
Subject: RE: Vulnerability scanning, and calling it a Pen test the rant 
continues

Yup, no disagreement there .. my response was more to Stu's point in that what 
he described can help increase security in a very general manner in an 
organisation, but really the business context is where the value is.

Good luck with the CISA!  I'm re-certifying my GSEC again at the moment and 
GCIH this time next year, so also under a weight of study and prep! ;o)



a

________________________________
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: 13 March 2012 12:59
To: NT System Admin Issues
Subject: RE: Vulnerability scanning, and calling it a Pen test the rant 
continues
Alan,

I totally agree, that is why I always vet the scans I get from any VA scan and 
qualitatively risk prioritize them based on what is critical for the business. 
Again with healthcare its protection of the CIA of EPHI when stored, 
transmitted or processed and any and all systems that are in the eco-system of 
that processing.

The scans are done as part testing of the controls of an information system, 
but it is not a means to an end nor is its findings absolutely material to an 
auditor in determining the controls or lack thereof in an information system, 
there are plenty of other things that an auditor must consider via the ISACA 
auditing standard ( trust me I am going to be taking my CISA in june, and there 
is a lot more to it than I even understood, because I was only looking at it 
from the Risk Management and Compliance aspect, and totally missed all the 
pieces that make up Governance)

But I do agree Auditors are usually not technical enough to go deep enough into 
the technologies and find the trust issues so they can be raised to management 
and corrective actions to be taken, this is one of the issues I have always had 
sometimes when dealing with auditors ( especially from the big 4 firms, they 
have had little or no background in systems administration, security 
engineering, database management, and other core responsibilities in the areas 
they are to audit, therefore they usually don't have the technical expertise 
needs to complete what needs to be done on the audit. ( which kinda goes 
contracting to what the ISACA auditing standards require)(

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Monday, March 12, 2012 4:59 PM
To: NT System Admin Issues
Subject: RE: Vulnerability scanning, and calling it a Pen test the rant 
continues

I still argue that all that aside (and it can be valuable), what I generally 
want if I'm in need of a quality piece of work to free up time is a PT 
engagement where the testers are made fully aware of the business context of 
the system they are testing and the risks and exec summary framed in that 
context.  Lack of SSL on an inside VLAN may be something to fix in time, but 
it's a heck of a lot less important than the public Internet facing one; access 
to a social committee intranet server less important than a customer DB - 
stupidly simplistic, but you get the idea.

Canned scans are for obliging the tickbox-generation auditors and general 
information.  Business context is the only way to a valid remedial plan of 
action.



a

________________________________
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: 12 March 2012 19:20
To: NT System Admin Issues
Subject: RE: Vulnerability scanning, and calling it a Pen test the rant 
continues
Yeah well it seems that I am digging a mile deep with a few of my own tools ( 
Backtrack, Nmap, Rapid 7 Nexpose, Metasploit) to verify what the issues are 
based on a Qualys Scan that a outside organization didn't have the time to 
"validate" the findings, so its been a real joy digging through 100's of pages 
of qualys scan information.

Nessus is ok but seen the false positives with those also,

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>

From: Stu Sjouwerman [mailto:s...@sunbelt-software.com]
Sent: Monday, March 12, 2012 2:55 PM
To: NT System Admin Issues
Subject: RE: Vulnerability scanning, and calling it a Pen test the rant 
continues

That's what we do for our customers here. We scan with Nessus, but provide a 
shortlist of the real dangerous low hanging fruit and we poke around a bit, and 
do a conference call where we show them what the problem is.
Warm regards,
Stu

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Monday, March 05, 2012 8:36 AM
To: NT System Admin Issues
Subject: RE: Vulnerability scanning, and calling it a Pen test the rant 
continues

Thanks, I am glad I am not the only one.

Now if someone followed the Penetration test Execution Standard, and did a real 
Pen test and validated the business risks, then I would be impressed, so back 
to chewing through this Qualys scan and making heads or tails of what needs to 
be fixed and what isn't a big risk.

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>

From: Alan Davies [mailto:adav...@cls-services.com]
Sent: Monday, March 05, 2012 8:25 AM
To: NT System Admin Issues
Subject: RE: Vulnerability scanning, and calling it a Pen test the rant 
continues

You pays for what you gets ... even reports of actions that go beyond VA into 
PT still aren't a proper PT engagement if they're not in a meaningful report, 
written in English!

Having said that, sometimes you just want to know if something can be broken 
and do the rest yourself.  Rarely though .. I have 1better things to do with my 
time than translating someone else's results into an Exec Summary and business 
context specific findings

Rant welcome :o)


a

________________________________
From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: 05 March 2012 13:12
To: NT System Admin Issues
Subject: Vulnerability scanning, and calling it a Pen test the rant continues
Not sure if anyone on the list is responsible for Vul Scanning in their 
organizations/business or Pen testing there systems, but it still blows my mind 
that we have folks out there providing services to organizations and business 
calling the output from a Qualys or Nessus vulnerability scanner a Pen-test.  I 
am current been going through someone else work for about 1.5 weeks validating 
the scanners findings on the systems, so I can get working on slimming down a 
225 page report to something that is realistic and achievable.

Sorry about the rant, it isn't how I wanted to start my Monday morning.

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

************************************************************************************

WARNING:

The information in this email and any attachments is confidential and may be 
legally privileged.



If you are not the named addressee, you must not use, copy or disclose this 
email (including any attachments) or the information in it save to the named 
addressee nor take any action in reliance on it. If you receive this email or 
any attachments in error, please notify the sender immediately and then delete 
the same and any copies.



"CLS Services Ltd × Registered in England No 4132704 × Registered Office: 
Exchange Tower × One Harbour Exchange Square × London E14 9GE"



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Reply via email to