On 2014-06-09 16:50, Evan Pettrey wrote:
My company is currently in the process of obtaining a pentester to test
security on our systems and one that a colleague of mine has recommended has
asked us for the below information:
* Public IPs
* Public DNS records
* Network map of full infrastructure
To me this seems like sitting to take a test and having a cheatsheet. The IPs
and DNS records should be easy enough to figure out on their own and the
network map I don't believe should be provided.
Am I just being too skeptical here or does this seem like inappropriate
questions to ask as a security auditors?
No, you're not. This is a classic, they ask you for as much details as
possible that might not look too suspicious, then highlight the fact you gave
so much details to a stranger as a security issue (which it would be).
--
Yves.
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
