Penetration Testing mailing list archives
Re: Converged Network Assessment
From: lucien Fransman <lucien.fransman () irc2 nl>
Date: Sun, 5 Feb 2006 20:41:54 +0100
On Friday 03 February 2006 20:01, joseph () cibir net wrote:

In answer to your mail: reading the list, it seems like a marketing version of what most other companies would offer. That said, the meaning of the term assessment differs from company to company (and indeed from person to person). To make the list more accessible, I would say it amounts to something like: an external/internal portscan of your network, someone to look over the PBX settings, a wardialer scan over your phone numbers, checking your IDS ruleset and someone with a wireless/bluetooth sniffer wandering around in your company.

The pentest looks promising, but beware of quality issues. A pentest is worthless if the person conducting the pentest isn't good, and if the person doing the pentest isn't able to reach its goal (root account on several servers, access to the payroll database, whatever), it just says that that person isn't able to breach your defenses.

The SANS assessment is (as far as I can make out) a crosscheck of the 10 or so most horrible vulnerabilities as reported by SANS.

IMHO, the worth of something like this isn't so much in the outcome of the individual parts as in the resulting collaboration of the results.

- What does it mean for your company,
- Is there something fundamental lacking,
- Is the outcome what you expected
and last but not least:
- Can you do something useful with the results

This depends a lot on the individual(s) doing the testing. My advice would be to have a talk with these people, and ask them for sample (stripped) deliverables, and see if they fit with your expectations.

--
Kind Regards,
Lucien Fransman,
Information Risk Control