[unisog] Automated vulnerability tests upon host to network attachment

Russell Fulton r.fulton at auckland.ac.nz
Tue May 20 01:00:10 GMT 2003


On Fri, 2003-05-16 at 09:31, marchany at vt.edu wrote:
> One thing we need to remember is who the target audience is.
> 
> The recepients of this auto scan thing will more than likely be people who a) 
> have no idea what the report means b) doesn't care what the report means c) 
> has some clue what the report means but doesn't know how to fix the problems.

What I do in these circumstances is mail the IT manager of the section
involved. They are normally the ones who get to pay the network usage
bills for their departments or faculties and since hosting a warez
server can be a very expensive experience they are normally very keen to
know about any vulnerabilities in any systems belonging to their users.

We have had people run up over $1000 dollars in network charges with
warez or misconfigured p2p servers between monthly billing runs.

Charging may be a pain in the proverbial but it sure makes IT managers
security conscious!

-- 
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.



More information about the unisog mailing list