Firewall Wizards mailing list archives
Re: PCI DSS & Firewalls
From: ArkanoiD <ark () eltex net>
Date: Fri, 10 Apr 2009 17:25:44 +0400
I had a strong attitude against pen testing until I observed the current situation more closely. I found out a few things:

1.) there is (almost certainly) a Windows-based office network
2.) it is totally screwed up because it is the way it works
3.) there is (probably) an Oracle server accessible from there
4.) if it is, it is totally screwed up because it is the way it works

All of those are major security problems. Actually that is enough to show things being really bad. And people need a graphic demonstration of what a clusterf*ck they are tied into to start thinking about security architecture, how it affects business processes and so on.

Windows network pentesters have a success rate close to 100%. And that's why they are there. Though I hate the pen-testing approach and fully agree with everything you said about it.

On Thu, Apr 02, 2009 at 01:17:10PM -0500, Marcus J. Ranum wrote:
Chris Blask wrote:
having more Pen Testing done in the world is itself a move in a positive direction, so that's a good thing by any metric.

I disagree. What does pen testing show?? Pen testing can show one of two things:
- your security sucks
- your security is better than your pen tester

Neither of those two determinations is equal to "your security is good."
....