Folks, I appreciate all of your input on the my original email (Political Challenges Using Nessus).�on the dilemma I was facing in using Nessus in the *politically correct way*. In generally, the consensus opinion was that I needed to make sure I obtained written permission and inform everyone of my plans when I do my scans.
The advice was great�and I have since drafted up a letter that I am getting ready to fire off to my Director. In the letter I am asking for permission to use any security tool, on any production device, any time and from any direction (i.e. inside or outside of our network). I will use due diligence in testing the tools. A new job description/responsibilities covering these points was also requested. I went on to explain, why I want everything to be *so formal*. I am very concerned about being fired and/or sued. There is a business and technology risk in using security tools and I want a "get out of jail card" in case anything went wrong. The final paragraph, contains a request that the permission letter and my new job description be signed by my director, his boss, the VP of the Networking and Server Area, and HR. Do you agree with my approach? Think it is a good idea to ask for the *world* and see what happens? Worse case is he will reduce the scope of *white hat hacker* activities. If he agrees with everything and I get everyone's approval�boy am I going to have fun!! _________________________________________________________________ Join the world�s largest e-mail service with MSN Hotmail. http://www.hotmail.com
