nanog mailing list archives

Re: Penetration Test Assistance

From: Joel jaeggli <joelja () bogus com>
Date: Tue, 05 Jun 2012 09:09:51 -0700

On 6/5/12 07:52 , Green, Timothy wrote:

Howdy all,

I'm a Security Manager of a large network, we are conducting a
Pentest next month and the testers are demanding a complete network
diagram of the entire network.  We don't have a "complete" network
diagram that shows everything and everywhere we are.  At most we have
a bunch of network diagrams that show what we have in various areas
throughout the country. I've been asking the network engineers for
over a month and they seem to be too lazy to put it together or they
have no idea where everything is.

I've never been in this situation before.  Should I be honest to the
testers and tell them here is what we have, we aren't sure if it's
accurate;  find everything else?  How would they access those areas
that we haven't identified?   How can I give them access to stuff
that I didn't know existed?

What do you all do with your large networks?  One huge network
diagram, a bunch of network diagrams separated by region, or both?
Any pentest horror stories?


Logical diagrams tend to elide the information consider unnecessary for
them to be suitably informative.

An ethernet switch with 560 network segments radiating out from it may
be accurate but not all that easy to parse or use.

Documentation needs to be sufficiently accurate and appropiate to the
tasks at hand, so it may be that you don't have what you need or perhaps
you do.

Thanks,

Tim

________________________________ This e-mail and any attachments are
intended only for the use of the addressee(s) named herein and may
contain proprietary information. If you are not the intended
recipient of this e-mail or believe that you received this email in
error, please take immediate action to notify the sender of the
apparent error by reply e-mail; permanently delete the e-mail and any
attachments from your computer; and do not disseminate, distribute,
use, or copy this message and any attachments.

Current thread:

Penetration Test Assistance Green, Timothy (Jun 05)
- Re: Penetration Test Assistance Andrew Latham (Jun 05)
  - Re: Penetration Test Assistance Peter Kristolaitis (Jun 05)
    - Re: Penetration Test Assistance Jason 'XenoPhage' Frisvold (Jun 05)
    - Re: Penetration Test Assistance Brett Watson (Jun 05)
    - Re: Penetration Test Assistance Bacon Zombie (Jun 05)
    - Re: Penetration Test Assistance Peter Kristolaitis (Jun 05)
- Re: Penetration Test Assistance Justin M. Streiner (Jun 05)
- Re: Penetration Test Assistance jim deleskie (Jun 05)
- Re: Penetration Test Assistance Joel jaeggli (Jun 05)
- Re: Penetration Test Assistance Quinn Kuzmich (Jun 05)
- RE: Penetration Test Assistance Baklarz, Ron (Jun 05)
  - Re: Penetration Test Assistance dennis (Jun 05)
- Re: Penetration Test Assistance William Herrin (Jun 05)
- Re: Penetration Test Assistance Aled Morris (Jun 05)
  - RE: Penetration Test Assistance Darden, Patrick S. (Jun 05)
- Re: Penetration Test Assistance Barry Greene (Jun 05)
  - RE: Penetration Test Assistance Darden, Patrick S. (Jun 05)
    - Re: Penetration Test Assistance Harry Hoffman (Jun 05)
    - Re: Penetration Test Assistance Brett Watson (Jun 05)

(Thread continues...)