Slashdot Mirror


Network Penetration Scans and Executive Reaction?

LazloToth asks: "I'm sure some of you have had this happen: your company pays the big bucks for a 3rd-party security audit and, when it comes back, you get called on the carpet for all the supposed 'holes' in your network. When you see the report, you recognize that it comes from a well-known open-source security scanner, and that the 'holes' in question are so obscure as to be meaningless. I told our risk management VP that to fix every item cited -- many of which were false positives or completely out of context -- would be next to impossible for our small IT staff, and that some of the fixes, if implemented, might have deleterious effects on an otherwise smoothly running operation. How do you handle these 3rd-party security people who make mountains out of every molehill?"
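The complaint above is about a raw scanner export being handed to management without triage. The usual defensive answer is to put a triage step between the scanner and the executive: every finding gets asset context the scanner cannot know (is the host internet-facing?) and a written analyst disposition (confirmed, false positive, accepted), so that dismissed items carry a justification and the remaining list is short and prioritised. The script below is an added example, not code from the thread or from any scanner vendor; the CSV export, the exposure set and the disposition table are all constructed inputs, and the column names merely mimic a typical Nessus-style export.

```python
"""Triage a vulnerability-scanner export into an executive-ready summary.

Added example (not from the Slashdot thread). The report is a constructed,
Nessus-style CSV; host exposure data and analyst dispositions are assumed
inputs that an analyst maintains alongside the scan, not scanner output.
"""
import csv
import io
from collections import Counter
from dataclasses import dataclass

# Constructed sample export: columns mimic a typical scanner CSV.
SCAN_CSV = """\
Plugin ID,Risk,Host,Port,Name
10001,High,203.0.113.10,443,TLS server supports deprecated protocol
10002,Medium,203.0.113.10,22,SSH weak MAC algorithms
10003,Low,192.0.2.25,80,Web server banner discloses version
10004,Critical,192.0.2.25,445,SMB signing not required
10005,Info,192.0.2.30,161,SNMP service detected
10006,High,192.0.2.30,3306,MySQL reachable without TLS
"""

# Assumed asset context the scanner cannot know: which hosts face the internet.
INTERNET_FACING = {"203.0.113.10"}

# Assumed analyst dispositions keyed by (plugin id, host). Anything not listed
# is "unreviewed". A justification is mandatory for every non-confirmed
# disposition, so the executive report shows *why* an item was dismissed.
DISPOSITIONS = {
    ("10003", "192.0.2.25"): ("false_positive",
                              "Banner is a static decoy string, not the running version"),
    ("10005", "192.0.2.30"): ("accepted",
                              "Informational only; SNMP is read-only on a management VLAN"),
    ("10004", "192.0.2.25"): ("confirmed", ""),
}

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}


@dataclass
class Finding:
    plugin_id: str
    severity: str
    host: str
    port: str
    name: str
    disposition: str
    justification: str

    @property
    def priority(self) -> int:
        # Internet-facing hosts get a bump so an external High outranks an internal High.
        exposure_bonus = 1 if self.host in INTERNET_FACING else 0
        return SEVERITY_RANK[self.severity] * 2 + exposure_bonus


def load_findings(csv_text: str) -> list:
    """Parse the export and attach context; refuse undocumented dismissals."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["Plugin ID"], row["Host"])
        disposition, justification = DISPOSITIONS.get(key, ("unreviewed", ""))
        if disposition not in ("confirmed", "unreviewed") and not justification:
            raise ValueError(f"{key}: dismissing a finding requires a written justification")
        findings.append(Finding(row["Plugin ID"], row["Risk"], row["Host"], row["Port"],
                                row["Name"], disposition, justification))
    return findings


def actionable(findings: list) -> list:
    """Items still owed a fix: confirmed or unreviewed, Info noise dropped, highest priority first."""
    todo = [f for f in findings
            if f.disposition in ("confirmed", "unreviewed") and SEVERITY_RANK[f.severity] > 0]
    return sorted(todo, key=lambda f: f.priority, reverse=True)


def summary(findings: list) -> dict:
    """Counts a risk-management VP actually needs: total, by disposition, and what is left to do."""
    return {
        "total": len(findings),
        "by_disposition": dict(Counter(f.disposition for f in findings)),
        "actionable": len(actionable(findings)),
    }


if __name__ == "__main__":
    fs = load_findings(SCAN_CSV)
    print(summary(fs))
    for f in actionable(fs):
        print(f"[{f.severity:8}] {f.host}:{f.port} {f.name} (prio {f.priority}, {f.disposition})")
```

With the constructed data, six raw findings reduce to four actionable ones, and the externally reachable TLS and SSH items are ranked against the internal SMB and MySQL ones by exposure rather than by raw scanner severity alone. The two dismissed items survive in the summary with their justification, which is what makes the "it's a false positive" argument defensible in front of the auditor and the VP.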

3 of 434 comments

  1. Serves you right for not buying ISA Server. by LibertineR · · Score: 0, Flamebait

    I'm kidding, so calm your ass down.

  2. Don't use Nessus, use... by Harry+Balls · · Score: 0, Flamebait

    ...something more professional.

  3. Re:quit by indy_Muad'Dib · · Score: 0, Flamebait

    find out who at the 3rd party security consulting company made the report and make a critical security hole in his head with a screwdriver. wonder how long it would take to come out with a patch to fix the "screwdriver thru some asshat security consultant's head" bug.