Re: win2k pentest - what can i do?

[Paul Rathborn <admin () gridlocked net>]

At Gridlocked we represent whitehat security professionals, our audits
basically involve either (or both) of the following:

* Network Security Assessment
* Penetration Testing

We explain the methods behind our Network Security Assesments - network
mapping, host identification, information gathering, service inspection,
network scanning,
protocol probing, host fingerprinting, vulnerability assessment,  use of
top commercial security tools  combined with various opensource and
private utilities.

Penetration Testing - We hand over our policy and then explain we take on
the attackers perspective at actively aiming to exploit and compromise the
security of the servers. Using known and unknown (un-disclosed ) bugs.

bugs and detail them with a full technical report listing:

  .Vulnerability Name
  .Problem Description
  .Severity Rating
  .Impact
  .Patch/fix methodologies
  .Suggestions/workarounds

Alot of people still don't understand the terms that well, even though we
usually explain to them the different terminology in the scene. In the end
it doesn't really matter to much for them,  we are there to secure there
systems, secure there data and help secure the internet.


Paul Rathborn
IT Security Engineer/System Admin                      Gridlocked Networks
E-Mail: admin () gridlocked net                         "Lock onto
Gridlocked.net"


--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/