Penetration Testing mailing list archives
Re: Internal Servers (noob post)
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 4 Jun 2009 14:41:25 -0400
GB >> Since many attacks happen from the inside anyway RDF > Can you back up yours here, with something solid on the RDF > actualy threat from internal users and admins? According to Verizon's 2009 Security Breach Report, NO. On 6/4/09, R. DuFresne <dufresne () sysinfo com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 3 Jun 2009, Gorgon Beast wrote: [SNIP]Since many attacks happen from the inside anyway, you should protect thosemachines. If you want to get really granular (which a lot of companies are, lately), you can put your servers in an internal DMZ as well, behind a firewall and only all authorized workstations to connect to them. This take a lot of work to implement if you are already set up.Insider threat is often stated, and the metrics I've seen on it do not seem to be backed up. Can you back up yours here, with something solid on the actualy threat from internal users and admins? Thanks, Ron DuFresne [[SNIP]]
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Internal Servers (noob post) pma111 (Jun 02)
- Re: Internal Servers (noob post) ticktock123 (Jun 03)
- Re: Internal Servers (noob post) Micheal Cottingham (Jun 04)
- Re: Internal Servers (noob post) misconceptions persist; R. DuFresne (Jun 26)
- Re: Internal Servers (noob post) Micheal Cottingham (Jun 04)
- Re: Internal Servers (noob post) Terry M (Jun 03)
- Re: Internal Servers (noob post) Muhammad Farooq-i-Azam (Jun 03)
- RE: Internal Servers (noob post) Gorgon Beast (Jun 03)
- RE: Internal Servers (noob post) R. DuFresne (Jun 04)
- Re: Internal Servers (noob post) Don Miesle (Jun 04)
- Re: Internal Servers (noob post) R. DuFresne (Jun 12)
- Re: Internal Servers (noob post) Jeffrey Walton (Jun 04)
- Re: Internal Servers (noob post) Wim Remes (Jun 04)
- Re: Internal Servers (noob post) R. DuFresne (Jun 12)
- RE: Internal Servers (noob post) R. DuFresne (Jun 04)
- Re: Internal Servers (noob post) Remo Cornali (Jun 08)
- Re: Internal Servers (noob post) ticktock123 (Jun 03)
- Re: Internal Servers (noob post) Sanjay Badala (Jun 08)
- <Possible follow-ups>
- Re: Internal Servers (noob post) avghacker (Jun 04)