Security Basics mailing list archives
Re: Disabling IPS for PENTEST
From: RobOEM <rd.seclists () gmail com>
Date: Mon, 6 Aug 2012 19:01:04 +0200
Hi, I'll be a little more nuanced than all the other contributors. If you understand the goal of the pentest is to help you identify the vulns in your application, then please, by all means, disable your IDS. If anything, IDS is just an annoyance to an auditor, because he will see vuls he can't exploit. Also, if you were to turn it off (and you know production/business reasons will make you turn it off should they arise), of if your IDS were to have a vuln (fragmented packets, IPv6 inexistent support, whatever) they would be exploitable. That is, IF the goal is to help you identify the problems AND you have ways and means to fix it. On the other hand, if the goal of the pentest is to show corporate how lame you are, and how easily your app can be breached, then don't turn it off. Although getting thouroughly pwned can be a way for a smart manager to obtain money to do things right. To answer you original question, I have found in my practice it IS a common practice to turn "active defenses" like IPSes off for auditors. Even more so if your IPS blacklists offending IPs for some time. This is just stupid to do this to an auditor who has, as opposed to a dedicated attacker, limited time to do the job. Rob' On Mon, Aug 6, 2012 at 3:57 PM, Kid Tangerine <kidtangerine () gmail com> wrote:
All, Corporate has requested we get a PENTEST for our Internet facing website from a third party, but the third party asked us to allow their ip address to be excluded from our IPS. Is that a common practice to basically turn off our protection and allow them in? Obviously we aren't developers, so If the code has sql injections, cross site scripting, etc vulnerabilities we cannot fix it within the corporate guidelines, and our only leverage from the IT infrastructure side is to include the needed filters in the IPS to prevent their crappy code from being exploited. It we turn off the IPS I am sure all kinds of things will show up. Any experience appreciated. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: Disabling IPS for PENTEST, (continued)
- Re: Disabling IPS for PENTEST khushal201301 (Aug 06)
- Re: Disabling IPS for PENTEST haZard0us (Aug 06)
- Re: Disabling IPS for PENTEST Jose Fuertes (Aug 06)
- Re: Disabling IPS for PENTEST Mike Kallies (Aug 07)
- RE: Disabling IPS for PENTEST Wells, Sean (Aug 06)
- Re: Disabling IPS for PENTEST Rajiv D (Aug 06)
- Re: Disabling IPS for PENTEST Jose Fuertes (Aug 06)
- Re: Disabling IPS for PENTEST Alun Morgan (Aug 06)
- Re: Disabling IPS for PENTEST Shane Anglin (Aug 06)
- Re: Disabling IPS for PENTEST Reginald%20Wheeler (Aug 06)
- Re: Disabling IPS for PENTEST gig (Aug 07)
- Re: Disabling IPS for PENTEST RobOEM (Aug 07)
- Re: Re: Disabling IPS for PENTEST savvy95 (Aug 06)