Penetration Testing mailing list archives
RE: [lists] PT Report delivery (caveats)
From: "Curt Purdy" <purdy () tecman com>
Date: Fri, 3 Mar 2006 04:21:47 -0500
Hey Johny, In my past life as an infosec consultant, I always delivered several hardcopies on the closeout meeting along with a cd of electronic version. The hardcopies were given to IT director/CIO for appropriate distribution to closeout meeting members. Occasionally there was a "For Your Eyes Only" cd, i.e. when I found Lophtcrack on the CIOs PC placed there by the sysadmin using the company's DS3 to crack Internet boxes. Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA Information Security Officer If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke
-----Original Message----- From: johnny Mnemonic [mailto:security4thefainthearted () hotmail com] Sent: Thursday, March 02, 2006 7:06 AM To: pen-test () securityfocus com Subject: [lists] PT Report delivery (caveats) Hi I'm interested in the group's feedback on the most accepted way to deliver a final PT report to a client. Best practices indicate that reports are only sent to a select group of people in each of the Red/White/blue teams, and docs are sent via encrypted email and/or the document itself encrypted with public/private keys exchanged at the start of the engagement. I've even heard that sending electronic copies of the report is a no-no and only a hardcopy should be couried. Could someone weight in on caveats and/or industry standards for report delivery? Also how would report delivery best practices from an internal pesting team differ (if at all) from that of a third party consulting outfit. Many thanks. _________________________________________________________________ Find just what you are after with the more precise, more powerful new MSN Search. http://search.msn.com.sg/ Try it now. -------------------------------------------------------------- ---------------- This List Sponsored by: Lancope "Discover the Security Benefits of Cisco NetFlow" Learn how Cisco NetFlow enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security. Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise." http://www.lancope.com/resource/ -------------------------------------------------------------- ----------------
------------------------------------------------------------------------------ This List Sponsored by: Lancope "Discover the Security Benefits of Cisco NetFlow" Learn how Cisco NetFlow enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security. Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise." http://www.lancope.com/resource/ ------------------------------------------------------------------------------
Current thread:
- PT Report delivery (caveats) johnny Mnemonic (Mar 02)
- RE: [lists] PT Report delivery (caveats) Curt Purdy (Mar 03)
- Re: PT Report delivery (caveats) Gareth Davies (Mar 03)
- Re: PT Report delivery (caveats) Tim (Mar 04)
- Re: PT Report delivery (caveats) intel96 (Mar 06)
- Re: PT Report delivery (caveats) Stefano Zanero (Mar 09)
- <Possible follow-ups>
- RE: PT Report delivery (caveats) Anders Thulin (Mar 03)