Penetration Testing mailing list archives
Re: [PEN-TEST] Testing a "rogue site"
From: "Alexander Sarras (SEA)" <Alexander.Sarras () SEA ERICSSON SE>
Date: Mon, 11 Sep 2000 09:36:53 +0200
Listen to your instincts. I believe you're trying to be cooperative and a team player, and you're clearly interested in security and learning as much as you can, but you've already figured out what the problem is in the title of your email - 'rogue sites'. They're not playing on the team, or you wouldn't be using the word 'rogue'. The company is evidently not quite behind the idea of having a security policy actually in effect, or they wouldn't allow any 'rogue sites'. IMO that means they won't back you up as Security Manager when - not if - there's trouble. Those sites could eventually endanger the rest of the network if they're tied in, which you *are* responsible for.
Basically I concur, but if you want to stick: Get your company's written approval of your responsibilities. If this rogue site is inside your responsibility, tell them (in writing) it's either your authority as well or no responsibility. If it's the latter, firewall them off your site! As long as it's not your job (and that's what having the authority means), don't do any more scanning or the like; it might be construed as something sinister!

A couple of rules to go by:
1) SECURITY has the last say! EVER!
2) If SECURITY says no, it stays that way. Otherwise quit.
If possible get that in writing.

SaS