Penetration Testing mailing list archives
RE: Bank pen test
From: "Andy Meyers" <andy.meyers () hushmail com>
Date: Thu, 2 Mar 2006 20:35:28 -0800
I would go for the throat and hit the most important servers (customers' financial information, etc.). This will make the biggest impact on them. Seeing as how the most important servers can be cracked, why not all the rest?

Ashes

-----Original Message-----
From: Noe Espinoza Mancillas [mailto:nespinoza () grupowissen com]
Sent: Thursday, March 02, 2006 2:57 PM
To: pen-test () securityfocus com
Cc: nespinoza () grupowissen com
Subject: Bank pen test

Hello all!

I'm still waiting to start an internal penetration test in a bank. They have a lot of servers: HP-UX, Win, Sun, Linux, etc. Right now they are using ISS (scanner) to find vulnerabilities, and then they do remediation with some scripts and other commercial tools. So now they need help, because every time the ISS scanner runs it finds the same vulnerabilities after they patch the servers.

I told them that it is really important to use some other, different scanners and to do a penetration test to review whether the vulnerabilities are really a risk for the business! They don't accept it, but they need it. They need to remediate all the vulnerabilities on all 4000 servers! So they asked for a pen test of only 20 servers, and I don't know how to select the number of servers that I need to test to be sure that all the rest of the servers have the same vulnerabilities. And what kind of tools can I use to do that? I have never been in that kind of penetration test :( I am thinking of using Core Impact!

Any suggestions?

Regards,
Noe

------------------------------------------------------------------------------
This List Sponsored by: Lancope

"Discover the Security Benefits of Cisco NetFlow"
Learn how Cisco NetFlow enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security.
Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise."
http://www.lancope.com/resource/
------------------------------------------------------------------------------