From: Alex Russell (alex@netWindows.org)
Date: Tue Jun 18 2002 - 15:54:14 EDT
On Monday 17 June 2002 07:33 am, Javier Fernandez-Sanguino Pena wrote:
> A penetration test is not useful for the client if you just report
> a single hole and they close it.
Sure it is. Sometimes all a client needs is ammunition to take to the boss
to show them that the security budget they have been clamoring for is
really necessary. What is and isn't "useful" is highly subjective in this
sense. Not to mention that the end utility of your service is for your
client to decide.
> If you want to do a real penetration
> test it should be broad in scope, i.e., detect _all_ holes that could be
> used to gain entrance and get in.
That's not a pen-test, that's a full on audit. 2 different beasts. Yes, an
audit is often significantly more useful, but it is not always appropriate.
> The fact that you exploit the holes and try to get in is the one
> that distinguishes it from a vuln assessment since you are:
>
> 1.- proving that the hole exists, so that false positives are (or should
> be) reduced to 0 in the reports
>
> 2.- prove that it can be exploited and thus determine the overall impact to
> security in the organization. That is you not only say "there is a hole here
> and people can get in" but: "there is a hole here and, due to the current
> security layout I can jump to your internal network and do so and so"
goes to your credibility, why would you do any less?
> I like to see penetration tests as both broad (check all the systems
> and all the vulnerabilities) and deep (exploit all the vulnerabilities to
> their maximum extent and determine the real consequences, i.e. _impact_
> of them in the client).
What you'd like to see and what clients are willing to pay for may be 2
different things.
--
Alex Russell
alex@SecurePipe.com
alex@netWindows.org