From: Mike Shaw (mike@shawnuff.net)
Date: Mon Mar 22 2004 - 15:24:50 EST
On Mon, 22 Mar 2004 04:34:46 -0800 Keith Pachulski <keithp@corp.ptd.net>
wrote:
>Hey Dante
>
>I have run into this on numerous occasions while doing some consulting
>and have always with 100% failure caused them to realize the potential
>threat of this design.
Here's the issue: What is the threat? If all the customer/member data
resides at the processor, then what can an attacker do to an institution
via the processor that hasn't already been compromised?
Many small institutions also use the processor for mail storage and other
services. It's also common for a processor to perform other services
such as workstation tech support. What is the benefit to firewalling
off a bunch of workstations?
In many many cases, a firewall at the institution looks great on paper,
and might garner some consulting dollars...but it doesn't really *do*
anything for risk management.
-Mike
---------------------------------------------------------------------------
You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.
www.coresecurity.com/promos/sf_ept1
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:51 EDT