Security Basics mailing list archives
Re: Disabling IPS for PENTEST
From: Mike Kallies <mike.kallies () gmail com>
Date: Mon, 06 Aug 2012 11:58:07 -0400
On 12-08-06 10:36 AM, Jose Fuertes wrote:
I agree with haZard0us. I would ask for external and internal pentest..... remember a hacker won't ask you to disable your protections. And you are looking to measure your security.
I partially agree here and partially disagree.

The best move would be to put the IPS into IDS mode for the scanner source and log what it would be reacting to. That might be impractical depending on the knowledge of the IPS team.

The problem with conducting a pen test against an active IPS is that once you've triggered a positive, there's no reason to believe that any other test is valid. It doesn't mean that the site is properly secured, it just means that you were detected during one particular scan/attempt.

A less complex method would be to disable the IPS for the IP of the pen tester, generate a list of detections, then enable the IPS and test the IPS against those concerns (then unblocking your IP in the IPS for the next scan if you get blocked). Your report would contain some detail about how the IPS mitigates the vulnerabilities.

If you want to conduct a "pure" black box, then factor in the cost of having a few thousand IP addresses in disparate networks and add it to the quote. The customer will probably opt for disabling the IPS (for the attacker).

-Mike
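The reporting logic behind the two-pass approach described in the message above, as an added example that is not part of the original post: it compares a baseline run (IPS bypassed for the tester's IP) with a run against the enforcing IPS, and marks every negative result recorded after the IPS blocked the source as inconclusive instead of clean. The `Probe` record, the check names, the verdict strings and the sample data are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Probe:
    seq: int      # order in which the tester ran the check
    check: str    # hypothetical check name
    found: bool   # True if the check reported the issue

def classify(baseline, active, blocked_at):
    """Verdict per check. blocked_at is the seq of the probe on which the
    IPS blocked the tester's source IP (None if it never did)."""
    base = {p.check: p.found for p in baseline}
    report = {}
    for p in sorted(active, key=lambda p: p.seq):
        if p.check not in base:
            report[p.check] = "no baseline"
        elif not base[p.check]:
            report[p.check] = "not vulnerable"    # clean even without the IPS
        elif blocked_at is not None and p.seq > blocked_at:
            report[p.check] = "inconclusive"      # source was already blocked
        elif p.found:
            report[p.check] = "exposed"           # IPS did not stop it
        else:
            report[p.check] = "mitigated by IPS"  # present, but stopped inline
    return report

def false_clears(active, report):
    """Checks that an active-IPS-only test would have reported as clean."""
    return sorted(p.check for p in active
                  if not p.found and report[p.check] == "inconclusive")

# Constructed sample data: pass 1 with the IPS bypassed for the tester's IP.
BASELINE = [Probe(1, "weak-tls", True), Probe(2, "sqli-login", True),
            Probe(3, "xss-search", True), Probe(4, "dir-listing", False),
            Probe(5, "default-creds", True)]
# Pass 2 with the IPS enforcing; it blocked the source on probe 2.
ACTIVE = [Probe(1, "weak-tls", True), Probe(2, "sqli-login", False),
          Probe(3, "xss-search", False), Probe(4, "dir-listing", False),
          Probe(5, "default-creds", False)]

if __name__ == "__main__":
    result = classify(BASELINE, ACTIVE, blocked_at=2)
    for check, verdict in result.items():
        print(f"{check:15} {verdict}")
    print("would have been wrongly cleared:", false_clears(ACTIVE, result))
```

Re-running only the inconclusive checks after the source IP is unblocked, one at a time, turns each of them into either "exposed" or "mitigated by IPS".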
Current thread:
- Disabling IPS for PENTEST Kid Tangerine (Aug 06)
- Re: Disabling IPS for PENTEST khushal201301 (Aug 06)
- Re: Disabling IPS for PENTEST haZard0us (Aug 06)
- Re: Disabling IPS for PENTEST Jose Fuertes (Aug 06)
- Re: Disabling IPS for PENTEST Mike Kallies (Aug 07)
- RE: Disabling IPS for PENTEST Wells, Sean (Aug 06)
- Re: Disabling IPS for PENTEST Rajiv D (Aug 06)
- Re: Disabling IPS for PENTEST Jose Fuertes (Aug 06)
- Re: Disabling IPS for PENTEST Alun Morgan (Aug 06)
- Re: Disabling IPS for PENTEST Shane Anglin (Aug 06)
- Re: Disabling IPS for PENTEST Reginald Wheeler (Aug 06)
- Re: Disabling IPS for PENTEST gig (Aug 07)
- Re: Disabling IPS for PENTEST RobOEM (Aug 07)
- <Possible follow-ups>
- Re: Re: Disabling IPS for PENTEST savvy95 (Aug 06)