mailing list archives
Re: [PEN-TEST] Noisy ou stealthy ?
From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Wed, 8 Nov 2000 10:32:55 -0600
This totally depends on what the client wants from us. Obviously,
sneaky attacks take a lot more time, but are usually a better
simulation of a skilled attacker. A lot of times, clients want
a report that shows how vulnerable they are to a full-blown
corporate espionage attack including social engineering, stealth
scanning and IDS Evasion, and possibly even phys-testing as well.
This sort of pen-test takes a lot of time, and is very expensive.
We do offer "quick & dirty" tests, but just using ISS, whisker &
nessus barely qualifies as a pen-test. We do manual attacks as
well. Basically it comes down to the scope of the pen-test:
do you want to only test how well the systems resist attacks?
do you want to see how your employees & systems HANDLE attacks?
Everything has a degree of real-ism... You can go totally fake
and pound the heck out of their systems with their permission
while they watch and ogle... or you can be realistically
stealthy, and actually simulate a high-level attack.
From: Nicolas Gregoire [mailto:nicolas.gregoire () 7THZONE COM]
Sent: Wednesday, November 08, 2000 10:17 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Noisy ou stealthy ?
just a question about methodology.
When you are doing some pen-tests, do you use the noisy way (full port
range scan, lot of scanning for cgi whitout IDS evasion techniques,
brute force attacks on FTP) or the sthealthy one ?
I think that the noisy way is easiest (just schedule a Nessus scan , a
whisker scan and an ISS scan for the night, read the results and attack)
but can't really test the efficacity of corporate defenses.
The stealthy way is more time-consuming, but more funny ....
So, what's your method ?