[Fwd: Re: Moving from Defense to Offense (or vice versa) to secure your network]

[Max Ashton <maxashton () eml cc>]

-------- Forwarded Message --------
> From: Max Ashton <maxashton () eml cc>
> To: Erin Carroll <amoeba () amoebazone com>
> Subject: Re: Moving from Defense to Offense (or vice versa) to secure
> your network
> Date: Sun, 27 Nov 2005 15:16:22 +0000
> Hi Erin
> > So I was hoping some list members would share some similar experiences with
> > us. How many of you have switched between offense/defense and what were some
> > of the stumbling blocks or key differences you found in how you approached
> > your goals? Is it worth it to cross-train in some manner? How have you sold
> > someone on the advantages of penetration-testing your network to quantify
> > and test the effectiveness of your existing defenses?
>
> I think it's definately worth cross training here, as i'm sure others
> will agree. There's an old saying, "Sometimes the best defence is a good
> offence". You can't expect to call your own network secure if you
> haven't even run a penetration test on it. If you don't know how to
> break a network, you won't be as good as you could be at defending it. 
>
> There are a *lot* of tools out there that an attacker can use to gain
> insight into your network, and you're only going to be able to stop them
> if you know what they know.
>
> Know what i'm saying?
>
> Max

Attachment: smime.p7s
Description: