On Tue, 29 Jul 1997 20:45:01 +0300, in muc.lists.firewalls you wrote:
>Jeff Monder wrote:
>> I have a few questions about scanners for the group...
>> Regardless of the tools you use, I don't think you can avoid keeping
>> current, doing constant research and manually checking filter syntax
>> host configurations. I haven't tried any commercial scanners, so I
>> wondering: Aside from user interface, how do these commercial
>> differ from what can be accomplished with a suite of freely available
>> programs like netcat and others as aids in performing security audits.
>> I have no intention of implying that there is anything wrong with
>> commercial scanners or the use of them. I just have a few
>> questions about their use and about justifying their purchase:
>> While existing weaknesses are covered in a well-designed scanner's
>> algorythms, isn't there a risk that future discovered weaknesses won't
>> be there (or won't be there in a timely fashion)? By relying on code
>> hidden behind a front end, and on a vendor for keeping up with new
>> developments in security, are you replacing knowledge with faith (not
>> necessarily yours but your company's)? If a company is spending big
>> bucks on a tool, won't it make the assumption that it will replace a
>> good bit of manual labor? Isn't there an implicit assumption that you
>> will now be able to rely on this tool to do things that previously
>> more time?
>I think u are completely correct, using a normal sniffer and looking
>for strange connections or abnormal packets (if u have the knowlage)
>is alot more efficent than any front-end security suite.
You are telling me that having a monitoring system is alot more
important than having the doors locked? And where do you live? I
think both are important as I wouldn't leave home without checking to
make sure I have fixed all the known holes to get into my network, and
have a monitoring system in place for people who try to get in