Firewall Wizards mailing list archives
Re: penetration testing via shrinkware
From: Arve Kjoelen <Arve.Kjoelen () ey com>
Date: Tue, 8 Sep 1998 0:05:35 -0500
One of the reasons clients elect a penetration test instead of (or in addition to) an internal review of their networks and hosts is the opportunity to also evaluate 'readiness' or 'education and awareness'. In other words: Did anyone at the client site have a clue that you broke in or attempted to break in?

Shrink-wrapped software seems to be exceedingly noisy. If one of the goals is to evaluate readiness, shrink-wrapped software will make almost any client look good, since the noise made is sure to set off alarm bells in many IT shops.

I don't think shrink-wrapped scanners are a nice 'first step'. Beginning with an ISS scan is a sure way to set off alarm bells and have all packets from your IP address (range) be silently dropped at their exterior router. Now how are you going to get in?

Rather than a 'first step', a shrink-wrapped scanner would seem to fit better as a nice 'last step' for the following purposes:

- To attempt to ring all possible alarm bells just to verify that _someone_ at the site is looking through logs.
- In cases where manual/semi-automated penetration was unsuccessful, the results of a shrink-wrapped scan can still raise some eyebrows at the client - hosts that aren't supposed to be reachable from the Internet might show up, as might vulnerabilities you just don't have the time or budget to exploit (making that buffer overflow work on AIX4.3 just might take too long, even if you don't have to learn RS/6000 assembly)

-Arve.