Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Level of Exploitation
From: Egon Braun <mundoalem () gmail com>
Date: Thu, 11 Dec 2008 10:43:28 -0200

I have learned with experience that
what makes a flaw in a computer environment
a HIG PRIORITY FLAW is the one that
compromises the INFORMATION, not the server.

Servers can always be replaced, reconfigured,
updated and so one. You can always (in a last
option) to unplug it.

However, is the information that we from the
security area should be focused on.

What is more important for General Motors?
To have one dept. without internet because
a DoS attack or to have its new cars drawing
stolen be a cracker?

I consider HIGH, just the flaw that could
give access to the information of the company,
the others are always MEDIUM or LOW.

Of course, this tip does not apply to every case.
For example, in a shopping mall plublic internet
area, the HIG PRIORITY is to have the internet
access ALWAYS ON. There is no information to be

And we have lots of other cases ...

The best is to feel the company and think about
what is the "tresure" of the client, and try to protect
best it.

We from IT like to protect servers because we love
computers, but often the problem is not in the
servers but within people, policies, etc.
Egon Braun <mundoalem () gmail com>
Egon Braun <mundoalem () gmail com>

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]