Re: network auditing

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2003-10-15 cc () belfordhk com wrote:
> Hagen, Eric wrote:
>
> > Well, being the network administrator, it would be impossible for
> > you to "black box" test the network.  However, any penetration
> > testing you employ would be "crystal box" type tests.
>
> Unless I do it at home(which isn't practical at the moment due to me
> still using a dialup).   But perhaps my understanding of this 'black
> box' test isn't that correct.  Why do you say it's 'impossible'?

Black box testing means you know nothing about the system/network you
try to pen-test. Whenever you have some knowledge about a system or
network (e.g. being its administrator) it is no longer a black box to
you.

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015
----------------------------------------------------------------------------