> From: [email protected] [mailto:discuss-
> [email protected]] On Behalf Of Evan Pettrey
> 
> To me this seems like sitting to take a test and having a cheatsheet. The IPs
> and DNS records should be easy enough to figure out on their own and the
> network map I don't believe should be provided.

The argument, "the pentester should have to work for this information," just 
means "I want to pay the pentester for more hours, while they perform 
exhaustive scans of everything," as long as they're discovering publicly 
discoverable information.

I say, it's fine.  Yes you should consider DNS, IP addresses, and even your 
internal network map to all be public information.  Anything which does not 
require authorization in order to discover.  Do not rely on obscurity even a 
little bit.  Anything that could be discovered by an unauthorized person with 
time to spend searching, simply consider it exposed right from the start.

For example, one of the things the pentester will do is:  

"I see you have something listening on port 443.  Now I'll browse to 
https://your-ipaddress."
Since they typed in your ip address, they don't necessarily know if your SSL 
cert matches.  Your cert subject name might be a wildcard *.domain.com, in 
which case, they don't know what DNS name your users use to access the site, 
and therefore don't know if you're giving a valid cert to your users.  And so 
on.

_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/

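As an added illustration of the cert-vs-hostname gap described in the message above (this is example code written for this page, not something posted by the thread's participants): a pentester who browses to the bare IP on port 443 gets a certificate whose subject may be a wildcard, and has to reconcile it with the DNS names found separately. The block below implements the RFC 6125 hostname-matching rules against a constructed SAN list, so a list of names gathered from DNS enumeration can be checked against what the cert actually covers. The `fetch_san_names` helper connects the way the "browse to the IP" step does (SNI set to the IP literal) and assumes the third-party `cryptography` package is installed; it is not exercised offline. The domain names and the IP are constructed sample data.

```python
import ipaddress
import ssl

# Constructed sample: the DNS names one might read off the cert served on port 443.
SAMPLE_SAN_NAMES = ["*.example.com", "example.com", "mail.example.net"]


def hostname_matches(hostname, san_names):
    """Return True if hostname is covered by one of san_names.

    Rules follow RFC 6125 as browsers apply them:
      - comparison is case-insensitive, trailing dots ignored
      - a wildcard is accepted only as the entire leftmost label
      - the wildcard matches exactly one label (a.b.example.com is NOT *.example.com)
      - wildcards covering a public suffix like "*.com" are refused
      - an IP-address literal never matches a DNS name, so the bare-IP visit
        the thread describes tells you nothing about validity for real users
    """
    host = hostname.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return False  # IP literal: only an iPAddress SAN could cover it
    except ValueError:
        pass
    host_labels = host.split(".")
    for name in san_names:
        pat_labels = name.rstrip(".").lower().split(".")
        if len(pat_labels) != len(host_labels):
            continue  # a wildcard never absorbs extra or missing labels
        if pat_labels[0] == "*":
            if len(pat_labels) < 3:
                continue  # "*.com" style wildcard: rejected
            if pat_labels[1:] == host_labels[1:]:
                return True
        elif "*" in name:
            continue  # partial wildcards such as f*o.example.com are not accepted
        elif pat_labels == host_labels:
            return True
    return False


def covered_hosts(san_names, candidate_hosts):
    """Given the cert's names and hostnames learnt from DNS, keep the ones the cert is valid for."""
    return [h for h in candidate_hosts if hostname_matches(h, san_names)]


def fetch_san_names(ip, port=443, timeout=5.0):
    """Pull the leaf cert from ip:port and return its CN plus DNS SANs.

    ssl.get_server_certificate() sends the IP literal as SNI, which is exactly
    the situation in the thread. Parsing relies on the 'cryptography' package
    (assumption: installed); imported lazily so the matching code runs without it.
    """
    from cryptography import x509
    from cryptography.x509.oid import NameOID

    pem = ssl.get_server_certificate((ip, port), timeout=timeout)
    cert = x509.load_pem_x509_certificate(pem.encode())
    names = [a.value for a in cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)]
    try:
        ext = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        names += ext.value.get_values_for_type(x509.DNSName)
    except x509.ExtensionNotFound:
        pass
    return names


if __name__ == "__main__":
    # Constructed candidate list, as if produced by DNS enumeration of the target.
    discovered = ["www.example.com", "203.0.113.10", "mail.example.net",
                  "intranet.corp.example.com"]
    for host in discovered:
        print(f"{host:30} covered={hostname_matches(host, SAMPLE_SAN_NAMES)}")
```

The same cert-by-IP grab can be done from a shell with `openssl s_client -connect <ip>:443 -servername <ip>` piped into `openssl x509 -noout -subject -ext subjectAltName`; the point of the matching function is that a wildcard in that output only answers the question once you also know the hostnames users actually type.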