One of the golden rules.. RTFM..
But of course as Anton points out, many do not, and especially security
auditors who work for Big N-1 firms could not be bothered having the proper
books when they are conducting a security audit. Though commercial tools
are available that make carrying operating system manuals around and some
have qualified people who are walking wealths of information but is not the
same. Not all the firms can hire all of us in one fell swoop, although
some have tried. Proper training, conferences and certifications is just
the 'BASE' and experience will lead the flock to the right amount of CLUE.
Just having a little bit of CLUE will assist in finding the right tool for
the right job.
At 02:08 PM 2/20/98 -0500, Anton J Aylward wrote:
>At 09:58 AM 20/02/98 -0800, Bob De Witt wrote:
>## Reply Start ##
com on Thu Feb 19 1998 wrote:
>>> At 06:15 PM 17/02/98 -0800, Bob De Witt wrote:
>>> >... The first thing I review is the Security Policy Manual.
>>> >... to implement security.
>>> > Bob De Witt,
>>> This is available in hard copy, isn't it, and contains a section
>>> on what to do if the machine is down, so the copy on disk can't be read?
>>Of course, and in more than one copy, redundancy plus backups. Don't we
>_WE_ might, but then we can all think of many people who don't.
>In fact I'm sure some of us make a good living pointing this out
>to people who don't.
>## Reply End ##