Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: how many computers are needed?

From: "George Milliken" <gmilliken () farm9 com>
Date: Fri, 28 Sep 2001 09:27:52 -0700
leon,

automated tools DOES NOT EQUAL a pen test.

For many reasons.  The least of which is the time to brute attack many
hosts.

Sounds like you are doing an internal audit.

Many procedural issues need to be examined as well as the networks and
hosts.

# of people depends on the job size and how long you want it to take.  Job
size alone cannot determine the # of people.

1 women can make a baby in 9 months.  9 women can make a baby in one month,
at least, that's what most IT project managers think.  <grin>.

I will give you more specifics off line.  If you want them email me
directly.

George
farm9


-----Original Message-----
From: leon [mailto:leon () inyc com]
Sent: Thursday, September 27, 2001 8:14 PM
To: pen-test () securityfocus com
Subject: how many computers are needed?



Hi everyone,

I have a basic question on pen-testing.  How many consultants and
computers goto a small to mid sized network (say 100 machines or fewer)?
It seems that between nmaping every single port (tcp & udp) ((I asked
this question a couple of days ago and the two responses I got suggested
this)) on every single host (if this is what the customer wants),
running things like ISS, Nessus or Scanner of choice, along with other
tools like Whisker or l0phtcrack and etc, this could take an awful long
time (not to mention cpu cycles).  Do most people bring more then one
laptop with them?

Sorry if this is really basic I checked the archive and saw no mention
of it.

Cheers,

Leon


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: