From: Rocky (pixscreenpoint@gmail.com)
Date: Mon Nov 06 2006 - 12:10:36 EST
I actually used nmap & nessus. The company don't want to
hire 3rd party pen-test engineer because of the cost,they have
presented a procedure and the cost is US$8,000.
What i did is just scanned the whole network for open ports and
vulnerablities and locked down the ports that are not need to be open
and get nothing but a lap dance hehe.
I did internal and external pen test.I actually told them that what
i did is only scanning not the real pen-test stuff.
Thank you all for replying.
Rocky
On 11/4/06, Stefano Zanero <s.zanero@securenetwork.it> wrote:
> Rocky wrote:
>
> > they wanted me to pen testing their network and i did
>
> 1) it is unethical to pen test a network you designed, because you
> already know what you will find, you already know the internals, so what
> kind of "penetration test" are you doing ?
>
> > using purely nmap.
>
> 2) Selling an nmap scan as a pen test is even worse than unethical.
>
> > Is there any simple and precise method for pen testing
> > small network?
>
> This process is composed of 2 steps
> 1) evaluate if a penetration test is really needed (it sounds as it
> probably isn't) and then
> 2) have your customer hire someone else than yourself, who can also in
> fact do a penetration test
>
> Sorry for the bluntness.
>
> Stefano
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:18 EDT