Penetration Testing mailing list archives

Re: [PEN-TEST] Noisy or stealthy?


From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Wed, 8 Nov 2000 10:32:55 -0600

This totally depends on what the client wants from us.  Obviously,
sneaky attacks take a lot more time, but are usually a better
simulation of a skilled attacker.  A lot of times, clients want
a report that shows how vulnerable they are to a full-blown
corporate espionage attack including social engineering, stealth
scanning and IDS evasion, and possibly even physical testing as well.
This sort of pen-test takes a lot of time, and is very expensive.

We do offer "quick & dirty" tests, but just using ISS, whisker &
nessus barely qualifies as a pen-test.  We do manual attacks as
well.  Basically it comes down to the scope of the pen-test:

do you want to only test how well the systems resist attacks?

or

do you want to see how your employees & systems HANDLE attacks?

Everything has a degree of realism... You can go totally fake
and pound the heck out of their systems with their permission
while they watch and ogle... or you can be realistically
stealthy, and actually simulate a high-level attack.

-----Original Message-----
From: Nicolas Gregoire [mailto:nicolas.gregoire () 7THZONE COM]
Sent: Wednesday, November 08, 2000 10:17 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Noisy or stealthy?


Hi pen-testers,

just a question about methodology.

When you are doing some pen-tests, do you use the noisy way (full port
range scan, lots of scanning for CGIs without IDS evasion techniques,
brute-force attacks on FTP) or the stealthy one?

I think that the noisy way is easier (just schedule a Nessus scan, a
whisker scan and an ISS scan for the night, read the results and attack)
but can't really test the efficacy of corporate defenses.

The stealthy way is more time-consuming, but more fun....

So, what's your method ?

Nicob
