Penetration Testing mailing list archives
Re: [PEN-TEST] Testing a "rogue site"
From: "Alexander Sarras (SEA)" <Alexander.Sarras () SEA ERICSSON SE>
Date: Wed, 13 Sep 2000 08:41:01 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-----Original Message----- From: Missy, E [mailto:freehold () EROLS COM] Sent: Monday, 11 September, 2000 11:36 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Testing a "rogue site" "Karyn Pichnarczyk" wrote: [snipped]But unless you go by the One and Only rule, you will not last long in the security trade: 1. Business Must Continue. If this rule is not followed, then it doesn't matter how good or bad the security posture is: the company just won't exist! Therefore, the Business Demands of the company must be met,AT ALL COSTSincluding, regretfully and occasionally, the cost of bad security.More and more, without security, companies can be (temporarily) 'made to not exist' - i.e. brought down, sometimes for an extended period of time if a sufficient hit is made. Business will *not* continue without data and communications. What's more inconvenient, a few 'extra' steps between users and tasks (i.e. logging procedures, periodic re-education, etc.) or the inability to perform those tasks at all? After all, we all got used to waiting in airports to get through the metal detectors.
That's my understanding, too, but I almost thought I was all alone there. ;-> On that example here, something that can be termed 'rogue' _stays_ outside the firewall in my book. And won't enter the dmz unless _I_ am satiesfied with security. Companies using sensitive data of any form tend to stay longer in the bizz if they've implented a reasonable amount of security. SaS -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.1 Int. Comment: Even paranoiacs have enemies! iQA/AwUBOb8TB/NEKPH/spuMEQLuRwCfQNPQ2KcFvD17MbpF8RkyFT/QMGAAoPeN ZLfSo1tlScRcqmdRldyKIBsY =MRYV -----END PGP SIGNATURE-----
Current thread:
- [PEN-TEST] Testing a "rogue site" Kelly, Mike (Sep 08)
- Re: [PEN-TEST] Testing a "rogue site" Peter Van Epp (Sep 09)
- Re: [PEN-TEST] Testing a "rogue site" Missy, E (Sep 10)
- <Possible follow-ups>
- Re: [PEN-TEST] Testing a "rogue site" Mitch James (Sep 08)
- Re: [PEN-TEST] Testing a "rogue site" Rich Richenberg (Sep 08)
- Re: [PEN-TEST] Testing a "rogue site" Alexander Sarras (SEA) (Sep 11)
- Re: [PEN-TEST] Testing a "rogue site" Karyn Pichnarczyk (Sep 11)
- Re: [PEN-TEST] Testing a "rogue site" Missy, E (Sep 12)
- Re: [PEN-TEST] Testing a "rogue site" Wandering One (Sep 13)
- Re: [PEN-TEST] Testing a "rogue site" Karyn Pichnarczyk (Sep 11)
- Re: [PEN-TEST] Testing a "rogue site" Peter Van Epp (Sep 09)
- Re: [PEN-TEST] Testing a "rogue site" Meritt, Jim (Sep 11)
- Re: [PEN-TEST] Testing a "rogue site" Alexander Sarras (SEA) (Sep 13)