Penetration Testing mailing list archives
Moving from Defense to Offense (or vice versa) to secure your network
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Sat, 26 Nov 2005 17:37:26 -0800
All,

I was having an interesting discussion with a coworker the other day about the differences between pen-testing (offense) and network security work (defense) which we do in our day jobs. The majority of my security background has been from a penetration standpoint so the way I view network security defense setups and priorities tends to be of the "how would I break this and get in" viewpoint rather than the "how do I secure this and ensure reliable reporting/monitoring" view that my coworker is more centered on. The differences in the priorities and methods we would choose to secure our network for defense were much different than I anticipated.

So I was hoping some list members would share some similar experiences with us. How many of you have switched between offense/defense and what were some of the stumbling blocks or key differences you found in how you approached your goals? Is it worth it to cross-train in some manner? How have you sold someone on the advantages of penetration-testing your network to quantify and test the effectiveness of your existing defenses?

I would be interested to hear some cases you have run into out there.

--
Erin Carroll
"Do Not Taunt Happy-Fun Ball"