Re: Penetration Test Assistance

[Barry Greene <bgreene () senki org>]

Hi Tim,

A _good_ pen test team would not need a network diagram. Their first round of penetration test would have them build 
their own network diagram from their analysis of your network. 

Barry


On Jun 5, 2012, at 7:52 AM, Green, Timothy wrote:

> Howdy all,
>
> I'm a Security Manager of a large network, we are conducting a Pentest next month and the testers are demanding a 
> complete network diagram of the entire network.  We don't have a "complete" network diagram that shows everything and 
> everywhere we are.  At most we have a bunch of network diagrams that show what we have in various areas throughout 
> the country. I've been asking the network engineers for over a month and they seem to be too lazy to put it together 
> or they have no idea where everything is.
>
> I've never been in this situation before.  Should I be honest to the testers and tell them here is what we have, we 
> aren't sure if it's accurate;  find everything else?  How would they access those areas that we haven't identified?   
> How can I give them access to stuff that I didn't know existed?
>
> What do you all do with your large networks?  One huge network diagram, a bunch of network diagrams separated by 
> region, or both?  Any pentest horror stories?
>
> Thanks,
>
> Tim
>
> ________________________________
> This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain 
> proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email 
> in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete 
> the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and 
> any attachments.