Penetration Testing mailing list archives
Re: honeypot in conjunction with pen test?
From: Mark Tinberg <tinberg () securepipe com>
Date: Fri, 7 Jun 2002 07:03:10 -0500 (CDT)
On Thu, 6 Jun 2002, Mike Riley wrote: [snip]
certainly isn't. It's not about getting in, it's about *auditing*.
If I may respectfully disagree, a pen-test *is* about getting in, and is distinct from an audit. To me (and this may just be a semantic difference) an audit is a completely different animal where the auditors spend several weeks/months on-site going over the client's procedures and network equipment with a fine toothed comb, as well as interviewing the admins. The report will contain things that should be tightened up as well as places where the written policy differs from what is implemented in the network hardware and where the admins differ from policy. It is not something that can be done remotely, although it may involve a pen-test for verification. I may be confused (it's way past my bedtime 8^) but I think that there is a general misunderstanding both in the minds of clients and sometimes in the minds of the consultants about where the difference lies. -- Mark Tinberg <MTinberg () securepipe com> Network Security Engineer, SecurePipe Inc. Remember: Wherever you go, there you are! Key fingerprint = AF6B 0294 EE33 D802 F7A1 38A4 CF52 5FE0 7470 E5F7 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- RE: honeypot in conjunction with pen test? Aleksander P. Czarnowski (Jun 05)
- <Possible follow-ups>
- RE: honeypot in conjunction with pen test? Javier Fernandez-Sanguino Pena (Jun 06)
- Re: honeypot in conjunction with pen test? Bennett Todd (Jun 06)
- Re: honeypot in conjunction with pen test? Mike Riley (Jun 06)
- Re: honeypot in conjunction with pen test? Mark Tinberg (Jun 07)
- Re: honeypot in conjunction with pen test? Daniel Polombo (Jun 07)
- honeypot in conjunction with pen test? Javier Fernandez-Sanguino Pena (Jun 18)
- Re: honeypot in conjunction with pen test? Alex Russell (Jun 19)
- RE: honeypot in conjunction with pen test? Woody Weaver (Jun 19)