Penetration Testing mailing list archives

Re: Pen Testing


From: Volker Tanger <vtlists () wyae de>
Date: Mon, 20 Oct 2008 22:11:53 +0200

Hi!

On Mon, 20 Oct 2008 11:33:58 -0400
"Patrick Fitzgerald" <servicepointtest () gmail com> wrote:

> Is it common that a security company would need rights such as domain
> admin rights to perform an audit on the network?

Depends on what you want them to audit.

If you want a software inventory of your Windows machines, then having
DomAdmin permissions certainly can help. Otherwise they'd probably have
to distribute agents to the machines or work their way in.

What is the audit focus? Shall they support you doing advanced
administration e.g. by setting/checking GPOs and checking software
versions/licenses and registry settings? Then they probably have a
reason to need DomAdmin permissions.

If you have a different attack scenario e.g. them checking how outside
attackers might find a way in, then the most they could/should get is a
(patched) network plug and maybe an IP address they can use - plus the
obligatory emergency phone numbers and a list of systems *NOT* to test,
of course (ever bluescreened the central file server, anyone?). Then
getting a DomAdmin login probably is the goal, not the prerequisite.


Again: what are they supposed to check?

Simple check: let them explain in detail why they need those logins.
They should be able to show you step by step why and where they need
which permissions. If they can't, then check alternatives.

Bye

Volker

-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
