Re: Blue Team ROE

From: zenmasterbob123@gmail.com
Date: Wed Mar 14 2007 - 08:15:41 EST


('binary' encoding is not supported, stored as-is) You've already had some good responses, but I thought I should throw in my 3 cents, having worked with gvt agencies.

They are going to be paranoid about *anything* you try to do, especially if it alters the system baseline. I don't blame them, as there has been enough bad press about gvt agencies getting "penetrated", and they will have a natural concern that one of your operatives may leave a backdoor for themselves. Still, it sounds like your best bet is to either forego the Red Team activities or simply walk away from the table.

If you do decide to take tha task, make sure they document the limitations, then reference their requirements in your statement of work. Then it will be clear to all concerned that you are limiting the attack vectors based on their instructions.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:39 EDT