) and
slow and low attacks.
Best of Luck,
Dennis
--
From: "Baklarz, Ron"
Sent: Tuesday, June 05, 2012 12:41 PM
To: "Green, Timothy"
Cc:
Subject: RE: Penetration Test Assistance
Not discounting the need for network
On Jun 5, 2012, at 11:34 AM, Darden, Patrick S. wrote:
>
> I'm with Barry--a network diagram showing everything from the pov of the pen
> team should be part of the end report.
Maybe, maybe not. It all depends on the scope of the engagement. I've had
customers ask for very specific pen test o
On 12-06-05 03:48 PM, Brett Watson wrote:
On Jun 5, 2012, at 9:52 AM, Peter Kristolaitis wrote:
As far as horror stories... yeah. My most memorable experience was a guy
(with a CISSP designation, working for a company who came highly recommended)
who:
- Spent a day trying to get his Ba
You should have a look at the Pentest Standards page, it was created
by some very skilled Pen Testers who are trying to create a minimum
standard for all tests and reporting.
http://www.pentest-standard.org/index.php/Main_Page
Also you should just have to give them your external net-block
allocat
On Jun 5, 2012, at 9:52 AM, Peter Kristolaitis wrote:
>
> As far as horror stories... yeah. My most memorable experience was a guy
> (with a CISSP designation, working for a company who came highly recommended)
> who:
> - Spent a day trying to get his Backtrack CD to "work properly". Whe
The bit of information that's missing here is what are you trying
to pentest, and by extension how much do you want to pay your pentest
firm?
For some folks a pentest means starting with zero information and
trying to get IP packets past a firewall or IDS's undetected.
Basically pentesting laye
There are lots of reasons why a pentester would want a network diagram.
The foremost being a point to which they can say, these are the networks
that I was given as a point of reference to pentest.
This is often a CYA policy for when people start complaining about the
scanning that is going t
I'm with Barry--a network diagram showing everything from the pov of the pen
team should be part of the end report.
--p
-Original Message-
From: Barry Greene [mailto:bgre...@senki.org]
Hi Tim,
A _good_ pen test team would not need a network diagram. Their first round of
penetration t
Seriously.
--p
-Original Message-
From: Aled Morris [mailto:al...@qix.co.uk]
I'd treat this as the first of their pen tests - a social engineering
attack to obtain secret information about the network, and refuse.
Aled
Hi Tim,
A _good_ pen test team would not need a network diagram. Their first round of
penetration test would have them build their own network diagram from their
analysis of your network.
Barry
On Jun 5, 2012, at 7:52 AM, Green, Timothy wrote:
> Howdy all,
>
> I'm a Security Manager of a l
On Jun 5, 2012, at 12:52 PM, Peter Kristolaitis wrote:
> In general, my experience with most "pen testers" is a severe disappointment,
> and isn't anything that couldn't be done in-house by taking the person in
> your department who has the most ingrained hacker/geek personality, giving
> them
On 5 June 2012 15:52, Green, Timothy wrote:
> Howdy all,
>
> I'm a Security Manager of a large network, we are conducting a Pentest
> next month and the testers are demanding a complete network diagram of the
> entire network.
>
>
I'd treat this as the first of their pen tests - a social engineer
On 6/5/12, Green, Timothy wrote:
> I'm a Security Manager of a large network, we are conducting a Pentest next
> month and the testers are demanding a complete network diagram of the entire
> network. We don't have a "complete" network diagram that shows everything
> and everywhere we are. At mo
On 12-06-05 11:32 AM, Andrew Latham wrote:
On Tue, Jun 5, 2012 at 10:52 AM, Green, Timothy
wrote:
Howdy all,
I'm a Security Manager of a large network, we are conducting a Pentest next month and the
testers are demanding a complete network diagram of the entire network. We don't have a
"
Passenger Railroad Corporation (AMTRAK)
10 G Street, NE Office 6E606
Washington, DC 20002
bakl...@amtrak.com
-Original Message-
From: Green, Timothy [mailto:timothy.gr...@mantech.com]
Sent: Tuesday, June 05, 2012 10:53 AM
To: nanog@nanog.org
Subject: Penetration Test Assistance
Howdy a
It's not much of a penetration test, imho, if the "attackers" have detailed
knowledge of your network and systems before the attack. You should
determine what kind of a scenario you are trying to simulate, and how the
results will be used to improve security. Is this a "black box" situation,
wher
On 6/5/12 07:52 , Green, Timothy wrote:
> Howdy all,
>
> I'm a Security Manager of a large network, we are conducting a
> Pentest next month and the testers are demanding a complete network
> diagram of the entire network. We don't have a "complete" network
> diagram that shows everything and eve
A complete diagram makes their life easier, may make for a more
complete test, but they are working for you, so if you don't have it,
you don't have. I'm not a big fan of having a single diagram with
everything laid out anyway, but I'm from the old school.
-jim
On Tue, Jun 5, 2012 at 11:52 AM,
On Tue, 5 Jun 2012, Green, Timothy wrote:
I'm a Security Manager of a large network, we are conducting a Pentest
next month and the testers are demanding a complete network diagram of
the entire network. We don't have a "complete" network diagram that
shows everything and everywhere we are.
On Tue, Jun 5, 2012 at 10:52 AM, Green, Timothy
wrote:
> Howdy all,
>
> I'm a Security Manager of a large network, we are conducting a Pentest next
> month and the testers are demanding a complete network diagram of the entire
> network. We don't have a "complete" network diagram that shows eve
Howdy all,
I'm a Security Manager of a large network, we are conducting a Pentest next
month and the testers are demanding a complete network diagram of the entire
network. We don't have a "complete" network diagram that shows everything and
everywhere we are. At most we have a bunch of netwo