Penetration Testing mailing list archives
[Fwd: Re: Moving from Defense to Offense (or vice versa) to secure your network]
From: Max Ashton <maxashton () eml cc>
Date: Sun, 27 Nov 2005 15:18:08 +0000
-------- Forwarded Message --------
From: Max Ashton <maxashton () eml cc> To: Erin Carroll <amoeba () amoebazone com> Subject: Re: Moving from Defense to Offense (or vice versa) to secure your network Date: Sun, 27 Nov 2005 15:16:22 +0000 Hi ErinSo I was hoping some list members would share some similar experiences with us. How many of you have switched between offense/defense and what were some of the stumbling blocks or key differences you found in how you approached your goals? Is it worth it to cross-train in some manner? How have you sold someone on the advantages of penetration-testing your network to quantify and test the effectiveness of your existing defenses?I think it's definately worth cross training here, as i'm sure others will agree. There's an old saying, "Sometimes the best defence is a good offence". You can't expect to call your own network secure if you haven't even run a penetration test on it. If you don't know how to break a network, you won't be as good as you could be at defending it. There are a *lot* of tools out there that an attacker can use to gain insight into your network, and you're only going to be able to stop them if you know what they know. Know what i'm saying? Max
Attachment:
smime.p7s
Description:
Current thread:
- [Fwd: Re: Moving from Defense to Offense (or vice versa) to secure your network] Max Ashton (Nov 27)