Firewall Wizards: Re: Penetration testing via shrinkware

Re: Penetration testing via shrinkware

From: <emaiwald_at_shell.fred.net>
Date: Thu, 3 Sep 98 13:16:41 EDT

Marcus wrote:
> Bill wrote:
> >What are the opinions on the thoroughness of shrinkwrap software
> >penetration testing? Is today's shrinkware more capable for penetration
> >testing (a single machine) than a human?
>
> I guess it depends on the human! :)
>

No argument there.

> Can a program do a better job of testing than a lame, clueless
> human? Sure! Can a program do a better job of testing than a
> fairly experienced security guru? No. Can a program do a better
> job of testing than an 3ll33t? No.
>
> By extension, I'd assume that someone was a lamer if they were
> using shrinkwrap. I'd assume they were bringing no native
> expertise to the table, and I'd only pay them "shop time"
> rates (e.g.: about $25/hr) instead of consultant rates
> (you pay consultants for expertise not their ability to
> click 'go').
>

Hold on one second. The use of automated tools may be more
time effective than using in-house developed tools (why reinvent
the wheel?). I will agree that using ONLY the tools is not
helpful, but the tools can provide the initial info to begin
probing for a penetration.
 
> One of the problems with shrinkwrap is that it's not a whole
> lot faster and it can overlook really stupid stuff that a
> human would detect in a heartbeat. For example, what about the
> customer who has a telnet listener on port 25 behind a screening
> router? The shrinkwrap will try to do DEBUG and WIZ on it but
> won't try to log in as root.
>

Again, no disagreement. However, the fact is that most clients
are not going to pay for an experienced person to test every
single machine or access point on their nets by hand. As with
everything else, there are tradeoffs. You tried to provide the
best service to the client for the best price.

In most cases, this is a combination of automated tools and
human expertise targeted at juicy looking access points.

Eric

-- 
---------------------------------------------------------------------
Eric Maiwald, CISSP                                 emaiwald_at_fred.net
Director Security Services                               301-977-6966
Fortrex Technologies, Inc.                          North Potomac, MD
---------------------------------------------------------------------
Received on Sep 03 1998