RE: Security Posture Assessment

From: Robert Masse (rmasse_at_gosecure.ca)
Date: 11/16/03

    Date: Sun, 16 Nov 2003 08:42:21 -0500
    To: <pen-test@securityfocus.com>
    
    

    Some thoughts:
     
    It all depends on the volume.
     
    We recently completed a war dial of 30,000 numbers and let me tell you
    that this is not a technology issue but a project management issue.
     
    -Profiles are 10K maximum in PhoneSweep
    -10 different time zones to deal with
    -Each time zone/profile has different start/stop times (business hours,
    off hours, weekends, etc)
    -Make sure you have some sort of quality control to check every XX
    number
    -The 'automatic system recognition' isn't perfect so you need to do
    follow-ups
     
    So if you need to test 1000 numbers any open source/free product will
    do. But for any type of industrial work you will need PhoneSweep. If
    this is your business, it's a simple investment that should pay itself
    off quickly. For many of our general IT audits we include a modem
    sweep.
     
    Rob
     
    -----Original Message-----
    From: William J. Craig [mailto:wjcraig@netteksecure.com]
    Sent: November 13, 2003 8:51 AM
    To: Bob; pen-test@securityfocus.com
    Subject: RE: Security Posture Assessment
     
    ToneLoc will run on COM port 1 or 2 with any of the U.S. Robotics modems.
    However, PhoneSweep is the best risk assessment tool for war dialing. It
    has built-in brute forcing and reporting.
            -----Original Message-----
            From: Bob
            Sent: Sun 11/9/2003 9:33 PM
            To: pen-test@securityfocus.com
            Cc:
            Subject: Security Posture Assessment
             
            I am looking for input from folks who have performed security
            posture assessments as to the best free alternative to PhoneSweep. I
            have heard good things about ToneLoc, but have been unsuccessful at
            getting it to initialize any of the five modems I have attempted. The
            basic configuration seems to be no more complicated than a COM port and
            an IRQ setting, so please let me know if you think there is something I
            am missing. If you have gotten it to work, what do you think is the best
            modem for ToneLoc?
            
            