RE: Quality and Comprehsive Services

[Meidinger Chris <chris.meidinger () badenit de>]

Are you just planning to offer those services, or would you like to provide
them as well?

I would suggest learning how to do each one of those things, and after you
do it, then adding it to your offerings.*

Oh yes, and don't forget to offer extended driver development for /dev/null,
you could even sell USB devices to connect to that important port.

*no, seriously. Look, i've been doing this security stuff for a while, and i
would be really queasy putting that much stuff on offer. Something like pen
testing or forensics is not for the security novice. If you want to offer
this stuff, figure out how to learn it first, and try it out. Try to break
into you own computer or web application. Spend some time with each of the
areas you listed, and when you feel comfortable doing it, then offer it
professionally. You don't want to get into a breach of contract dispute when
you are doing forensics for someone and end up contaminating the evidence,
or not maintaining chain-of-custody records and getting the evidence
rejected by a judge. Practice makes perfect. 

Chris Meidinger

badenIT GmbH
System Support

Tel. +49 761 279 2280
Fax. +49 761 279 2200

Tullastrasse 70
79108 Freiburg
Deutschland


-----Original Message-----
From: Brian Rogalski [mailto:brianr () totalcomsolutions com]
Sent: Friday, August 22, 2003 5:28 PM
To: Security Focus
Subject: Quality and Comprehsive Services



Members, 

My name is Brian and I am some what a newbie in the security field. I am
working for a small start-up company and want to offer network security
solutions. I thought the best course of action would be to ask the
experts (you guys). I started thinking of a list of services to offer
customers. If any of you have a few minutes I thought you could help me
with the list. 

Some of what I came up with: 

Network Deployment Analysis (making sure the network is set up properly)
System Auditing
Penetration Testing 
Venerability Assessment 
Web Penetration Testing 
Forensics  

I know I am probably missing somethings 

Thanks in advance 

Brian


---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------