Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Disabling IPS for PENTEST

From: "gig" <gigabit () satx rr com>
Date: Mon, 6 Aug 2012 11:49:13 -0500
ok..so i do have experience with this as I've commissioned dozens of these types of assessments.
here is why it's smart to allow a bypass of the IDS/IPS....when you engage a 3rd party to do this work, you are paying for expertise and TIME.
Time is the important consideration because the 3rd party doesn't really have the luxury to attack your network using a "low and slow" methodology. They will generate a lot of noise that would trigger most IDS/IPS immediately....possibly blocking access in an automated way.
An advanced attacker would perform attacks on your network over the course of weeks or even months...probably using compromised PCs distributed across the world. Attacking this way, it's much easier to evade IPS/IDS technology.
In short, you have to consider why you are doing this assessment and what you want out of it.
If you seek better security, bypassing the IDS/IPS isn't a cop out...it's just a way to get better data in a faster timeframe. If you seek a "we're all good here" report, leave the IDS/IPS in place and flush your assessment dollars out the window. 


my 2 cents
----- Original Message ----- From: "Kid Tangerine" <kidtangerine () gmail com> 
To: <security-basics () securityfocus com>
Sent: Monday, August 06, 2012 8:57 AM
Subject: Disabling IPS for PENTEST



All,

Corporate has requested we get a PENTEST for our Internet facing
website from a third party, but the third party asked us to allow
their ip address to be excluded from our IPS.

Is that a common practice to basically turn off our protection and
allow them in?

Obviously we aren't developers, so If the code has sql injections,
cross site scripting, etc vulnerabilities we cannot fix it within the
corporate guidelines, and our only leverage from the IT infrastructure
side is to include the needed filters in the IPS to prevent their
crappy code from being exploited. It we turn off the IPS I am sure all
kinds of things will show up.

Any experience appreciated.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. 

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: