Automated Vulnerability Assessment Can Only Go So Far
In response to the attack on hosted Ubuntu servers, I mentioned that automated tools can help system admins keep up with vulnerability monitoring. A new article by David M. Piscitello of Core Competence at SearchNetworking points out the limits of these tools:
The temptation to deploy and rely on automated monitoring, analysis and response technologies can be as overwhelming to network administrators today as the sirens' calls were to Ulysses and his crew during the Golden age of Greece.
He goes on to appeal for increasing the human, and especially team-based, role:
Nurturing assessment skills among your IT staff can begin with simple exercises and gradually become more challenging. A popular introductory exercise is to have staff learn the information-gathering techniques attackers use. Have your staff begin by performing ping scans and port scans using nmap. As they become familiar with nmap, encourage them to try such advanced techniques as OS and service fingerprinting. Encourage them to share their experiences.
I've argued before in different situations that technical solutions alone don't solve our security problems and Piscitello has another good example. Finding a balanced combination of techniques and tools is more important than finding a single "best" tool.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
