Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: virus product pentest

from [Aleksander P. Czarnowski] Network Security [Permanent Link]
Subject: RE: virus product pentest
Date: Sun, 12 Sep 2004 21:30:34 +0200 
Hi,
I don't see any point of testing a common AV package against malware from 
wildlist because such testing is already performed on monthly basis in several 
safe labs due to certification scheme like VirusBulletin 100% for example. 
Secondly you can not provide a safe environment during pen-testing your 
customer systems so you brake fundamental security rules. You could download 
some virus collection that is floating around internet but keep in mind that to 
call a code a virus or worm it must replicate. So before judging that 
particular object is infected you need to replicate the samples. This requires 
again a safe lab without any external connections to networks. This is just a 
tip of an iceberg in terms of problems and issues related with using real 
malware. I am fully against such testing. 

You should also consider legal issue of such actions and possibility of malware 
escape which in turn will bring more legal actions and consideration.

The things you should at least check:
1. is there on-access scanner enable
2. is av system multilayered
3. what is the policy regarding removable media
4. how email is protected/scanned
5. how quarantines servers are setup and are they properly secured
6. how patch-management policy is implemented

Please note that this list forms rather a checklist for an audit not pen-test. 

At the end: do not use real malware if you do not know how to handle it and/or 
you don't have safe environment.
Best Regards,
Aleksander Czarnowski
AVET INS


------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Achilles proxy for linux, Nicolas Montoza
Next by Date:  RE: virus product pentest, Debasis Mohanty
Previous by Thread:  Re: virus product pentest, buzz
Next by Thread:  RE: virus product pentest, Debasis Mohanty
Indexes:  [Date] [Thread] [Top] [All Lists]