Re: Network Hacking

From: Kevin Davisł (zkevindavisz@cfl.rr.com)
Date: 02/21/03


From: Kevin Davisł <zkevindavisz@cfl.rr.com>
Date: Fri, 21 Feb 2003 02:24:18 GMT


On Thu, 20 Feb 2003 15:16:43 -0500, "Wombat" <no.spam@wanted.here>
wrote:

>"Vanguyver" <vanguyver@hotmail.com> wrote in message
>news:058b01c2d919$e18450b0$2f01280a@phx.gbl...
>
>> This same teacher is on a network committee to improve
>> the network. Some way to improve the network!
>
>Controlled attacks are a common - and effective - method within the industry
>to verify security. This is why security firms get paid big bucks to
>attempt to infiltrate networks (always with permission of course). Again,
>the network admin should be required to take the course to learn what
>attacks are possible and/or likely.

Yes, external penetration tests by third party consultants are common.
How common are solicited penetration tests by third party consultants?
Never. There is always some entity with authority that has requested
such an analysis and therefore is knowledgeable about it being
conducted.

>
>There were undoubtedly better ways to handle the situation

This is one of the worst ways to handle the situation.

> - informing the
>network admin(s) ahead of time would only be polite. Setting up a live fire
>range would be even better as the attacks could be contained and holes could
>be placed/patched as the course needed.

There are a few opinions about informing the network admin on either
end of the spectrum. However, regardless of what one's opinion of
that is, *someone* within the organization *must* be informed. This
may be the sysadmin's boss. Not only must they be informed, they must
have either requested it or agree to having it done.

---------------------------------------
What could possibly go wrong?


