Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Testing large networks

from [Davi Ottenheimer] Network Security [Permanent Link]
Subject: Re: Testing large networks
Date: Mon, 07 Mar 2005 08:45:12 -0800 
It helps to be extremely familiar with the organization and understand how they 
rate/value their assets. That will bridge your vulnerability reports to their 
strategic view of risk, as well as day-to-day processes. Understanding the 
relevant compliance and regulatory issues will also help, as you can show that 
specific vulnerabilities translate into real penalties for non-compliance. In 
other words, if your client is a hospital, then your investigation and scanning 
should be at least able to demonstrate familiarity with patient 
confidentiality, and critical system availability, etc. as well as the Health 
Insurance Portability and Accountability Act of 1996 (HIPPA)...


Dan Rogers <pentestguy@gmail.com> 03/05/05 08:05AM >>>

[...]
So how do you lot approach testing a lage network? Also, how do you
decide what to report to the client on?

Cheers

Dan
************************************************************************************************
The contents of this email and any attachments are confidential.
It is intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or  
the 
sender immediately and do not disclose the contents to anyone or make copies.

This email was scanned for viruses, vandals and malicious content.
via mail3.westmarine.com
*************************************************************************************************
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Null Session, Wbsony
Next by Date:  RE: Testing large networks, Piskovatskov, Alexey
Previous by Thread:  Re: Testing large networks, Anders Thulin
Next by Thread:  RE: Testing large networks, Piskovatskov, Alexey
Indexes:  [Date] [Thread] [Top] [All Lists]