Re: honeypot in conjunction with pen test?

From: Daniel Polombo (polombo@cartel-securite.fr)
Date: Fri Jun 07 2002 - 13:07:51 EDT

• Next message: Isherwood Jeff C Contr AFRL/IFOSS: "Tools for Detecting Wireless APs - from the wire side."
• Previous message: miguel.dilaj@pharma.novartis.com: "Re: Distributed crack of NTLM password hashes"
• In reply to: Mark Tinberg: "Re: honeypot in conjunction with pen test?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Mark Tinberg wrote:

> If I may respectfully disagree, a pen-test *is* about getting in, and is
> distinct from an audit. To me (and this may just be a semantic
> difference) an audit is a completely different animal where the auditors
> spend several weeks/months on-site going over the client's procedures and
> network equipment with a fine toothed comb, as well as interviewing the
> admins. The report will contain things that should be tightened up as
> well as places where the written policy differs from what is implemented
> in the network hardware and where the admins differ from policy. It is
> not something that can be done remotely, although it may involve a
> pen-test for verification.

I tend to separate this into three different categories :

- the pen-test is all about getting in, as Mark said. Indeed, its very
name implies that the main purpose is to find _a_ hole, and not _all_
holes, the point (or one of the points, depending on the particulars)
being that if an experienced team of pen-testers cannot break into the
system, most hackers shouldn't either (note the "most", we all know
there's no such thing as perfect security).

- the vulnerability assessment is similar to the pen-test as far as the
tools and methods are concerned, but aims at identifying _all_
vulnerabilities in a target platform.

- the security audit is the full package, heavily relying on a formal
methodology, including a complete analysis of the client's security
policy and how it is applied, and so on.

But, of course, that's just me, and as far as I know, there's no
precise, widely accepted definition.

--
Daniel Polombo
Cartel Securite
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Isherwood Jeff C Contr AFRL/IFOSS: "Tools for Detecting Wireless APs - from the wire side."
• Previous message: miguel.dilaj@pharma.novartis.com: "Re: Distributed crack of NTLM password hashes"
• In reply to: Mark Tinberg: "Re: honeypot in conjunction with pen test?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:22 EDT