Penetration Testing mailing list archives

RE: Bank Assessment

From: c0d3r () cotse net
Date: Wed, 21 Apr 2004 21:23:04 -0400 (EDT)


Hi all;

Not to cast any dispersions on anything, but IMHO, the FFIEC guidelines are pretty
lame.  They're OK for "management and operational" type reviews, but they just don't
cut it for technical work.  I'd look to a more solid technical standard, like
nsa.gov, nist.gov, or OSSTMM Ver. 2.  Those are the things that I use for (almost
exclusively) banks.  We've developed custom testing programs using these as
standards.

c0d3r

You can find the answers to most of your questions including guidelines
here http://www.ffiec.gov/

My employer uses the guidelines as the basis for all of our banking
clients.


Blake Wiedman
Security Technician
Icons Inc.
www.iconsinc.com
732.309.6038

-----Original Message-----
From: Joe Smith [mailto:joey () r00t66 com]
Sent: Monday, April 19, 2004 2:40 PM
To: pen-test () securityfocus com
Subject: Bank Assessment


I'm looking for any good links with regard to Banking Institutions..
Security assessments, pen-testing, special needs etc.    I know they are
big on policies and procedures.


------------------------------------------------------------------------
------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
-------



------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------



-- 
Hacking is a good mixture of technical knowledge, programming knowhow and misuse of
trust.

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

Current thread:

Bank Assessment Joe Smith (Apr 19)
- Re: Bank Assessment Max (Apr 21)
- RE: Bank Assessment Blake Wiedman (Apr 21)
  - Re: Bank Assessment Ivan Arce (Apr 22)
    - Re: Bank Assessment lists (Apr 23)
  - RE: Bank Assessment c0d3r (Apr 22)
    - RE: Bank Assessment Amit Deshmukh (Apr 23)
    - RE: Bank Assessment Chuck Herrin (Apr 23)
    - Re: SME risk assessment (Was: Bank Assessment) fergus (Apr 24)
    - RE: Bank Assessment Blake Wiedman (Apr 23)
- <Possible follow-ups>
- RE: Bank Assessment James Williams (Apr 23)