Firewall Wizards mailing list archives

Re: Penetration Tests

From: "Marcus J. Ranum" <mjr () nfr net>
Date: Thu, 25 Sep 1997 18:54:11 +0000

If you have tools, documentation or a template for considerations
I'd be grateful. This will be part of an overall risk/vulnerability
audit, which I have no problems with.


A lot of consultants, auditors, and companies that make
scanner software, would consider that to be incredibly
valuable intellectual property. Don't be surprised if you
don't get a lot of information.

An interesting side-effect of the huge market for computer
security products and services is that it's served to
*increase* the secretiveness of security experts. Unfortunately,
what we really need to be doing is the opposite - sharing
information. But, in a lot of cases, it's hard to expect one
to do otherwise because there's a lot of money at stake.

It'll be interesting to see if anyone provides any information
to the list. [Moderator's note: I WILL suppress "me too"
postings in this thread]

mjr.
-----
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
<A HREF=http://www.clark.net/pub/mjr>Personal</A>
<A HREF=http://www.nfr.net>Work</A>
<A HREF=http://www.clark.net/pub/mjr/websec>New Book!!</A>

Current thread:

Penetration Tests Edward Cracknell (Sep 25)
- Re: Penetration Tests Marcus J. Ranum (Sep 25)
  - Re: Penetration Tests Brian Mitchell (Sep 26)
    - Re[2]: Penetration Tests Edward Cracknell (Sep 26)
    - Re: Re[2]: Penetration Tests Arjan Vos (Sep 27)
    - Re: Re[2]: Penetration Tests Alfred Huger (Sep 27)
- Re: Penetration Tests Paul D. Robertson (Sep 26)
- Re: Penetration Tests Bennett Todd (Sep 26)
  - Policy ? (was RE: Penetration Tests) Capt Jim Bailey - SSG/SINS - DSN 596-6106 (Sep 26)
    - Re: Policy ? (was RE: Penetration Tests) Edward Cracknell (Sep 29)
    - Re: Policy ? (was RE: Penetration Tests) Bennett Todd (Sep 29)
    - Re: Policy ? (was RE: Penetration Tests) Paul D. Robertson (Sep 30)

(Thread continues...)