Penetration Testing mailing list archives

Re: Internal Servers (noob post)


From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 4 Jun 2009 14:41:25 -0400

GB >> Since many attacks happen from the inside anyway
RDF > Can you back up yours here, with something solid on the
RDF > actual threat from internal users and admins?
According to Verizon's 2009 Security Breach Report, NO.

On 6/4/09, R. DuFresne <dufresne () sysinfo com> wrote:

 On Wed, 3 Jun 2009, Gorgon Beast wrote:

                [SNIP]

Since many attacks happen from the inside anyway, you should protect those
machines. If you want to get really granular (which a lot of companies are,
lately), you can put your servers in an internal DMZ as well, behind a
firewall and only allow authorized workstations to connect to them. This takes
a lot of work to implement if you are already set up.

 Insider threat is often stated, and the metrics I've seen on it do not seem
to be backed up.  Can you back up yours here, with something solid on the
actual threat from internal users and admins?

 Thanks,

 Ron DuFresne

[[SNIP]]
