Penetration Testing mailing list archives
Re: [PEN-TEST] War Dialling - Limited Scope
From: mshines <mshines () purdue edu>
Date: Thu, 16 Nov 2000 14:49:18 -0500
Then I presume the results will be duly qualified also? How much assurance could one give if the whole of the organization is not examined? In an auditor's terms - your independence and scope have been limited, which leads to a qualified opinion.

Certainly, technically, the work can be done - but what is the value of the results? For example - if you have strong security in IT, but allow file transfers - it's a trivial task to FTP a file to a desktop and send it outside the organization from there (with absolutely no protection).

In the end, security is only as good as the weakest link... which speaks strongly for an organization-wide review. But, of course, you have to do what you contracted for.

-----------------------------------
Michael S Hines
OS/390 Systems Programmer
Management Information
1061 Freehafer Hall
West Lafayette, IN 47907-1061
phone 765-494-5875
fax 765-496-1380

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Scott, Mick
Sent: Thursday, November 16, 2000 12:31 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: War Dialling

Quite rightly most of you have highlighted the need to wardial the whole of acme.com. However, and I should have explained this, the scope of the engagement does not permit this and must be concentrated in this one area.

Thanks for the responses.

Regards,
Mick Scott, Information Security
e-business Services, IBM Global Services Hursley
Telephone: 01962 818265 - Internal: 248265
E-mail: mick_scott () uk ibm com - PGP key available