-Original Message-
From: Anthony D. Eaker [mailto:[EMAIL PROTECTED]]
Sent: 14 March 2002 04:44
To: tony toni; [EMAIL PROTECTED]
Subject: Re: Political Challenges Using Nessus
Be very careful of running any type of security scan without permission from
those who manage the systems yo
"Hopkins, John A. [C]" <[EMAIL PROTECTED]>
To: "'tony toni'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Wednesday, March 13, 2002 4:37 PM
Subject: RE: Political Challenges Using Nessus
> Tony,
>
> As hard as it may be, you MUST NOT run any In
Get permission in WRITING. With a signature. No email.
-T
> -Original Message-
> From: tony toni [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 12, 2002 11:44 AM
> To: [EMAIL PROTECTED]
> Subject: Political Challenges Using Nessus
>
>
> Folks,
>
> I am currently experimenting with N
Provided you have the project assignment from your director in writing
(or e-mail) then you should have no qualms about doing your job. If the
Manager of the Server and Network Group starts stonewalling you, then
you could either (a) have a conversation with HIS boss or (b) go back to
the Directo
On Tuesday 12 March 2002 20:44, tony toni wrote:
> off. Problem is management is getting in my way. What are your answers
> to my questions?
>
> Tony
> Security Project Lead
> Major Financial Institution on West Coast
Your signature is your answer. :) If that is a major financial
institution,
Tony
I have a similar situation. The guy I am working for has no idea about
security and calls himself the Security Manager. And yet, wants everything
tied up.
If I was you, I would
a) Go above them if possible, sort of offline, in a conversation, see if
direction/approval can come from furth
Be very careful of running any type of security scan without permission from
those who manage the systems you are scanning. There have been highly
publicized cases where this, as well intentioned as it may have been, has
led to loss of employment and legal action against someone who has done
such
Get approval to run the scans, in writing or at least in an archived email
message. If anything goes wrong, the buck stops with whoever gave you
approval. (not that it's less of a worry if something goes wrong when a hax0r
does it)
On Tuesday 12 March 2002 01:44 pm, tony toni wrote:
> Folks,
>
> -Original Message-
> From: tony toni [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 12, 2002 11:44 AM
> To: [EMAIL PROTECTED]
> Subject: Political Challenges Using Nessus
> This is my question...
> 1) What are the political risks I
>My problem...
>I am not sure if I can trust either my Director or the Manager of
>Network/Servers if I start running Nessus. Both have a keen sense of
>corporate politics and only look out for themselves. My manager wants
>results... but then he offers no support and will *nail* me hard if I mak
I am so happy to see someone actually putting thought in before just running off and
launching scans. I wish my admins thought like you.
Here is what I require before any assessment is done. I have a form that I fill out
with specific info. The sheet contains information like the following:
Tony,
As hard as it may be, you MUST NOT run any Intrusion Detection or
vulnerability scans within your organization until you have, at a minimum,
management's direction and approval IN WRITING! The only way to securely,
safely, correctly, and legally, conduct any security assessment and/or
proc
Did you say your boss was a moron about security... ;-)?
First, be careful. Unfortunately it could be construed as illegal
activity without a "get out of jail" note from your boss, your boss's
boss or someone of authority in your company.
Another possible approach might be to set up a snort box
This isn't about security, it's about company politics. A few tips:
1. NEVER run stuff like Nessus without proper written permission. If you get
caught you'll be treated as a criminal.
2. Try getting the Network and Server manager on your side by offering to
help him improve on his security issue
-Original Message-
From: tony toni [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 12, 2002 2:44 PM
To: [EMAIL PROTECTED]
Subject: Political Challenges Using Nessus
Folks,
I am currently experimenting with Nessus. I also have a spreadsheet of all
IP addresses that our company uses (ab