- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Auditing-In-Depth For Solaris
- Abstract
- Auditing-in-depth is a concept that will be reinforced throughout this paper; it is the logical extension of "defense-in-depth" to auditing. Auditing-in-depth is examining the security posture of a system or network from the perspective of possible threat vectors. Too often, organizations rely solely on the output of a single network-based vulnerability-scanning tool to audit their security posture. These scans can only address network based vectors. Relying solely on network-based scans can give organizations an incomplete view of their security posture. It also can give security analysts a reputation as, "the guys who just show up and run scans." For all threat vectors to be addressed, the target should be examined from both the inside and outside by a combination of manual tests, automated tools, and policy review.