RE: Bank pen test

From: Andy Meyers (andy.meyers@hushmail.com)
Date: Thu Mar 02 2006 - 23:35:28 EST


I would go for the throat and hit the most important servers (customers'
financial information, etc.). This will make the biggest impact on them.
Seeing as how the most important servers can be cracked, why not all the
rest?

Ashes

-----Original Message-----
From: Noe Espinoza Mancillas [mailto:nespinoza@grupowissen.com]
Sent: Thursday, March 02, 2006 2:57 PM
To: pen-test@securityfocus.com
Cc: nespinoza@grupowissen.com
Subject: Bank pen test

Hello all!

Now I'm still waiting to start an internal penetration test in a bank. They
have a lot of servers: HP-UX, Win, Sun, Linux, etc., and now they are
using ISS (scanner) to find vulnerabilities, and then they do remediation
with some scripts and other commercial tools. So
now they need help, because every time the ISS scanner runs it
finds the same vulnerabilities after the servers are patched. I told them that it is
really important to use some other, different scanners and do a
penetration test to review whether the vulnerabilities are really a risk for the
business!! And they don't accept it.

But they need it. They need to remediate all the vulnerabilities on
all the 4000 servers!

So they ask for a pen test for only 20 servers, and I don't know how
I can select the number of servers that I need to test to be sure that all
the rest of the servers have the same vulnerabilities!

And what kind of tools can I use to do that?

I have never been in that kind of penetration test :(

I'm thinking of using Core Impact!

Any suggestions?

Regards,

Noe

------------------------------------------------------------------------------
This List Sponsored by: Lancope

"Discover the Security Benefits of Cisco NetFlow"
Learn how Cisco NetFlow enables cost-effective security across distributed
enterprise networks. StealthWatch, the veteran Network Behavior Analysis
(NBA) and Response solution, leverages Cisco NetFlow to provide scalable,
internal network security.
Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and
Response Systems in the Enterprise."

http://www.lancope.com/resource/
------------------------------------------------------------------------------
