Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Blue Team ROE
From: zenmasterbob123 () gmail com
Date: 14 Mar 2007 13:15:41 -0000

You've already had some good responses, but I thought I should throw in my 3 cents, having worked with gvt agencies.

They are going to be paranoid about *anything* you try to do, especially if it alters the system baseline.  I don't 
blame them, as there has been enough bad press about gvt agencies getting "penetrated", and they will have a natural 
concern that one of your operatives may leave a backdoor for themselves.  Still, it sounds like your best bet is to 
either forego the Red Team activities or simply walk away from the table.  

If you do decide to take tha task, make sure they document the limitations, then reference their requirements in your 
statement of work.  Then it will be clear to all concerned that you are limiting the attack vectors based on their 

This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]