Re: honeypot in conjunction with pen test?
From: Daniel Polombo (polombo@cartel-securite.fr)
Date: 06/07/02
- Previous message: miguel.dilaj@pharma.novartis.com: "Re: Distributed crack of NTLM password hashes"
- In reply to: Mark Tinberg: "Re: honeypot in conjunction with pen test?"
- Next in thread: Alex Russell: "Re: honeypot in conjunction with pen test?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 07 Jun 2002 19:07:51 +0200
From: Daniel Polombo <polombo@cartel-securite.fr>
To: Mark Tinberg <tinberg@securepipe.com>
Mark Tinberg wrote:
> If I may respectfully disagree, a pen-test *is* about getting in, and is
> distinct from an audit. To me (and this may just be a semantic
> difference) an audit is a completely different animal where the auditors
> spend several weeks/months on-site going over the client's procedures and
> network equipment with a fine toothed comb, as well as interviewing the
> admins. The report will contain things that should be tightened up as
> well as places where the written policy differs from what is implemented
> in the network hardware and where the admins differ from policy. It is
> not something that can be done remotely, although it may involve a
> pen-test for verification.
I tend to separate this into three different categories:
- the pen-test is all about getting in, as Mark said. Indeed, its very
name implies that the main purpose is to find _a_ hole, and not _all_
holes, the point (or one of the points, depending on the particulars)
being that if an experienced team of pen-testers cannot break into the
system, most hackers shouldn't either (note the "most", we all know
there's no such thing as perfect security).
- the vulnerability assessment is similar to the pen-test as far as the
tools and methods are concerned, but aims at identifying _all_
vulnerabilities in a target platform.
- the security audit is the full package, heavily relying on a formal
methodology, including a complete analysis of the client's security
policy and how it is applied, and so on.
But, of course, that's just me, and as far as I know, there's no
precise, widely accepted definition.
--
Daniel Polombo
Cartel Securite