Re: Security Testing Question

From: HG (none_at_none.com)
Date: 03/23/04

  • Next message: Jam Live: "Re: Security Testing Question" 
    Date: Tue, 23 Mar 2004 14:53:14 GMT

    Jam,

    Start by testing yourself right now, then if all your test ar not consistent
    with each other look for a vendor to try to address these issues.

    What is it that you want to test? Website only? Network Access? Firewall
    penetration, IDS?

    Let me know....

    GX

    "Jam Live" <Jam@jam.org> wrote in message
    news:zbp6c.24526$Y%6.2507446@wards.force9.net...
    > Firstly......thanks for taking time to read this
    >
    > I have been lookin to find some form of testing on my companys site,, Im
    > only a junior and not very clue'd up on testing security.
    >
    > I have noticed some sites selling this service doing such tasks as Network
    > Security Assessment, Im sceptical to have this done as you can imagine it
    > cost some serious expense.. The compay i work for is relativley small < 30
    > users,, however this still is a concern of mine.
    >
    > They mention things like Arp poisoning Dns poisoning (The site does host
    its
    > own website / SBS server for the full domain....) so im worried.. Should i
    > pay for this security probing OR should be trying to test it myself. If so
    > how should i do this,, Mostly im trying to find out how i can probe and
    > thoughrly test the issues i have with my site. (If any) ok SBS hosting DNS
    > WEB AD WINS ISA is not reported to be secure but how can 1) i prove it
    aint
    > 2) test it to find out for sure ?
    >
    > Can anyone help me on this in a legitamate fashion ?
    >
    > Jam
    >
    >
    >

  • Next message: Jam Live: "Re: Security Testing Question"

    Relevant Pages

    • [NEWS] Wonderware SuiteLink Denial of Service Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Vendor Information, Solutions and Workarounds ... Core sends the advisory draft to Wonderware support team. ...
      (Securiteam)
    • [Full-Disclosure] Security Industry Under Scrutiny: Part 3
      ... > varying degrees of 'faith' in the security industry. ... site admins and other whitehats. ... > architect would be notifying the software vendor alone... ... Full disclosure isn't so much a tool to get vunerability information ...
      (Full-Disclosure)
    • [NT] Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass (MS0
      ... Get your security news from a reliable source. ... Internet Explorer Zone Elevation Restrictions Bypass and Security Zone ... Vendor Information, Solutions and Workarounds: ... Core sends an advisory ...
      (Securiteam)
    • RE: Vendor wants remote control of our Servers and Workstations
      ... Of course the age-old problem with security is that ... Vendor has significant access to your internal ... this vendor uses the same method to support a number ... customer and makes significant changes ... ...
      (Security-Basics)
    • Security researchers organization
      ... of security researchers, plain and simple. ... better than the vendor itself. ... industry, telecommunications industry and banking industry has ( ... These are all common ideals we can agree and act upon, ...
      (NT-Bugtraq)