Firewall Wizards mailing list archives
Re: Penetration testing via shrinkware
From: "Sheila //or// Bob (depends on who's writing)" <shsrms () erols com>
Date: Thu, 03 Sep 1998 19:35:53 -0400
Stout, Bill wrote:
What are the opinions on the thoroughness of shrinkwrap software penetration testing? Is today's shrinkware more capable for penetration testing (a single machine) than a human?
I would like to take a step back. Your ref to various tools seems to ignore the basic concept: These are tools. A good tool can help a less skilled tool operator do more, faster, and better than that same operator without the tool.
I'll take one example of a tool,
<<SNIP>> sounds like an ad for any tool company.
Some counter-points I have are:
o The human needs to do data collection about the target through whois, nslookup, search engines, anonymous or spoofed phone calls, etc.
o The human element still needs to select the targets, the connection path (dial-up, X.25, Internet, hops via private links, etc), the social engineering, the password crackers, etc.
o The human also needs to define the D.O.S. threshold of the target, and limits on brute force efforts.
o The tests won't detect sniffers installed at the target's ISP.
OR: the tool operator should have a selection of tools to choose from, the skill and knowledge to apply the right tool to the job, and that can actually come with experience. This is not like building a house. This is not like doing body work on a real steel car. One tool does not preclude the use of another.
Say someone wants to do penetration testing and security auditing for a company, and use various types of shrinkware to do it. Any comments?
I recommend using various tools. Much like our language, develop an idiom of tools that might give you indications that you might need to do more. There is no perfect tool. There are no perfect systems. Hopefully, the tool operator will learn what tools to use!
just my two cents. Opinions are like arm pits, most folks have at least two,
bob
Bill Stout
--
real address is shsrms at erols dot com
The Herbal Gypsy and the Tinker.