Dailydave mailing list archives
Re: "The organization I belong to doesn't have initals" (that evil dude in Heroes)
From: "Steve Manzuik" <smanzuik () juniper net>
Date: Mon, 13 Nov 2006 12:15:57 -0500
I agree with both of you guys to a point. When I was a consultant my shtick was that a "pen-test" is a complete waste of time if you don't have your other ducks in line. This was based on the un-scientific research conducted by myself that basically concluded that 99/100 pen-tests are almost always successful. So, I could tell the client, without even looking at their network, that there was a 99% chance that they could be compromised by either a pen-test team or malicious individual. So why spend your already small budget on something that has results that can be assumed?

Don't get me wrong, there is a huge value in pen-tests, especially when you have someone with real skills (not someone who simply tells you about your ICMP timestamps, as Dave said) doing a pen-test for you, but why not have this sort of work done after you have done the compliance and patch management dance? Only then will it bring out the real value which, as Dave said, is popping zero days in your infrastructure instead of simply telling you that you need to patch more.

The other caveat here of course is that there is no use in popping zero day on someone if you are unable to help them actually remediate the risk and protect from it.

Just my $.02 (Canadian so more like $.0175782)

-Steve

PS: Don't even get me started on my rant on the "ICMP timestamp" guys. Dave and the rest of you in the pen-test game should be eating those guys' lunch among other things. Especially in this day and age.