[unisog] Automated vulnerability tests upon host to network attachment

marchany at vt.edu marchany at vt.edu
Thu May 15 21:31:42 GMT 2003


One thing we need to remember is who the target audience is.

The recipients of this auto scan thing will more than likely be people who a) 
have no idea what the report means, b) don't care what the report means, or c) 
have some clue what the report means but don't know how to fix the problems.

So, in keeping with the "never present a problem w/o providing a solution" 
strategy, the hard part of this project isn't the scanning pieces. It's 
showing the user HOW to make the necessary changes. I don't see the benefit of 
this service to a dept that has a reasonably skilled sysadmin. They already 
know how to run a scanner and fix the problem. For those sysadmins who aren't 
motivated to implement the changes, the scanner service doesn't buy anything.

I think the target audience is the clueless wonder crowd, and telling them that 
they have a vulnerability with the SQL account means diddly to them. I believe 
the focus should be on developing a mechanism that takes the vulnerability 
findings and translates them into a) a program that will correct the 
deficiencies, b) a list of steps that the person has to perform, or c) both a) and 
b).

Just my .02.

	-r.