Network Security Pen-Test

RE: Moving from Defense to Offense (or vice versa) to secure your networ

Subject: RE: Moving from Defense to Offense (or vice versa) to secure your network
Date: Sun, 27 Nov 2005 19:32:45 -0800
 
<snip>
Conducting routine audits (both scheduled and un-scheduled), 
forensics management (break-in attempts, viruses, trojans, 
etc.), policy management (in most cases, this can represent 
almost as much as 70% of the network securification process 
-- without a good policy, nothing will have any significance 
or meaning), and more.  Pentesting is just 1-3% of the entire 
securification process.

You won't find me disagreeing with anything in what you said here Bob. One
thing I wanted to mention was how forcing yourself to think outside your
normal comfort level can bring some unexpected benefits. I recently sub'd
out some pen-test work to someone (due to scheduling conflicts) whose
background was all on the defense side of things. A comment he made that
really touched off my initiating this discussion was that he was learning a
hell of a lot from using some of the standard pen-test tools out there
(nessus, nmap etc) in ways that were outside his normal usage. While some
tools were new, others (such as nmap) that he had experience with were
making him use it in different ways than his norm due to the nature of
pen-testing, and opening a new insight into security as a whole as a result.

While I completely agree that a complete security model should incorporate
facets of audits, policy management, forensics, etc. it never occurred to me
that the very nature of pen-testing methodologies would be such an eye
opener for a person whose background in security is rather lengthy and
accomplished. I'm thinking it would be beneficial for any security group to
play with pen-testing for a spell just to see what new insights and skill
sets they can glean.


-Erin Carroll
SecurityFocus pen-test list moderator
