Re: [PEN-TEST] Testing a "rogue site"

["Alexander Sarras (SEA)" <Alexander.Sarras () SEA ERICSSON SE>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> -----Original Message-----
> From: Missy, E [mailto:freehold () EROLS COM]
> Sent: Monday, 11 September, 2000 11:36 PM
> To: PEN-TEST () SECURITYFOCUS COM
> Subject: Re: [PEN-TEST] Testing a "rogue site"
>
>
> "Karyn Pichnarczyk" wrote:
> [snipped]
> > But unless you go by
> > the One and Only rule, you will not last long in the security trade:
> >
> > 1. Business Must Continue.
> >
> > If this rule is not followed, then it doesn't matter how good or bad
> > the security posture is: the company just won't exist!
> >
> > Therefore, the Business Demands of the company must be met,
> AT ALL COSTS
> > including, regretfully and occasionally, the cost of bad security.
>
> More and more, without security, companies can be
> (temporarily) 'made to
> not exist' - i.e. brought down, sometimes for an extended
> period of time
> if a sufficient hit is made.  Business will *not* continue
> without data
> and communications.  What's more inconvenient, a few 'extra' steps
> between users and tasks (i.e. logging procedures, periodic
> re-education,
> etc.) or the inability to perform those tasks at all?   After all, we
> all got used to waiting in airports to get through the metal
> detectors.

That's my understanding, too, but I almost thought I was all alone there.
;->
On that example here, something that can be termed 'rogue' _stays_ outside
the firewall in my book. And won't enter the dmz unless _I_ am satiesfied
with security. Companies using sensitive data of any form tend to stay
longer in the bizz if they've implented a reasonable amount of security.

SaS

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1 Int.
Comment: Even paranoiacs have enemies!

iQA/AwUBOb8TB/NEKPH/spuMEQLuRwCfQNPQ2KcFvD17MbpF8RkyFT/QMGAAoPeN
ZLfSo1tlScRcqmdRldyKIBsY
=MRYV
-----END PGP SIGNATURE-----