Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Testing a "rogue site"
From: "Alexander Sarras (SEA)" <Alexander.Sarras () SEA ERICSSON SE>
Date: Wed, 13 Sep 2000 08:41:01 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


-----Original Message-----
From: Missy, E [mailto:freehold () EROLS COM]
Sent: Monday, 11 September, 2000 11:36 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Testing a "rogue site"


"Karyn Pichnarczyk" wrote:
[snipped]
But unless you go by
the One and Only rule, you will not last long in the security trade:

1. Business Must Continue.

If this rule is not followed, then it doesn't matter how good or bad
the security posture is: the company just won't exist!

Therefore, the Business Demands of the company must be met,
AT ALL COSTS
including, regretfully and occasionally, the cost of bad security.

More and more, without security, companies can be
(temporarily) 'made to
not exist' - i.e. brought down, sometimes for an extended
period of time
if a sufficient hit is made.  Business will *not* continue
without data
and communications.  What's more inconvenient, a few 'extra' steps
between users and tasks (i.e. logging procedures, periodic
re-education,
etc.) or the inability to perform those tasks at all?   After all, we
all got used to waiting in airports to get through the metal
detectors.

That's my understanding, too, but I almost thought I was all alone there.
;->
On that example here, something that can be termed 'rogue' _stays_ outside
the firewall in my book. And won't enter the dmz unless _I_ am satiesfied
with security. Companies using sensitive data of any form tend to stay
longer in the bizz if they've implented a reasonable amount of security.

SaS

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1 Int.
Comment: Even paranoiacs have enemies!

iQA/AwUBOb8TB/NEKPH/spuMEQLuRwCfQNPQ2KcFvD17MbpF8RkyFT/QMGAAoPeN
ZLfSo1tlScRcqmdRldyKIBsY
=MRYV
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault