Penetration Testing mailing list archives
RE: physical security pentesting procedures, tips, audit programs?
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 09 Dec 2004 14:17:53 -0600
On Thu, 2004-12-09 at 14:12, Todd Towles wrote:
Frank, If I remember correctly Xyberpix stated that they should be hidden. St8r from his e-mail " be allowed, stick a business card somewhere out of site, and make a note of it."
Ah, okay. I still think it's a bad idea :)
[...] The general staff wouldn't know what is going on...and sorry to say it but the test is designed to find the sorry security, not hide it.
Sure, but you show it to management/sponsor. You don't show it to the people affected unless they are involved in a test (like branch managers having you detained in their office). Penetration Testing is all about showing flaws, but to the sponsor, not the folks who commit the violations. It's the responsibility of the sponsors to take action in a way they see fit. Discretion is paramount in these engagements. You just don't leave stuff behind. But hey, if that works for you, more power to you ;) Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- RE: physical security pentesting procedures, tips, audit programs?, (continued)
- RE: physical security pentesting procedures, tips, audit programs? Vic N (Dec 03)
- RE: physical security pentesting procedures, tips, audit programs? Jerry Shenk (Dec 07)
- Re: physical security pentesting procedures, tips, audit programs? Don Lord (Dec 07)
- RE: physical security pentesting procedures, tips, audit programs? xyberpix (Dec 07)
- RE: physical security pentesting procedures, tips, audit programs? Jerry Shenk (Dec 07)
- Re: physical security pentesting procedures, tips, audit programs? Jose Maria Lopez (Dec 09)
- RE: physical security pentesting procedures, tips, audit programs? Todd Towles (Dec 07)
- RE: physical security pentesting procedures, tips, audit programs? Frank Knobbe (Dec 09)
- RE: physical security pentesting procedures, tips, audit programs? Todd Towles (Dec 09)
- RE: physical security pentesting procedures, tips, audit programs? Todd Towles (Dec 09)
- RE: physical security pentesting procedures, tips, audit programs? xyberpix (Dec 09)
- RE: physical security pentesting procedures, tips, audit programs? Frank Knobbe (Dec 09)
- Re: physical security pentesting procedures, tips, audit programs? nicola (Dec 12)
- RE: physical security pentesting procedures, tips, audit programs? Vic N (Dec 03)