Re: Proposal?

From: Martin Wasson (martin_wasson@mastercard.com)
Date: Mon Feb 03 2003 - 14:40:22 EST


Ryan,
Here are some items you may wish to include. It's off the top of my head,
so they're not in any particular order. But you'll want your doc to flow
nicely, so arrange them as logically as you can. That's all I can think of
at the moment. Use whatever ones you like:

scan request submitted by:
the requester/submitter's department:
an emergency contact including email/pager/cell # if the scan causes problems/outages: (you)
outline the specifics of the scan:
who owns the box you'll be scanning:
has the box/data owner been notified, and do they need to approve the scan:
how you will back-out if the scan goes awry:
will an outage need to be scheduled for the scan:
what are the possible external customer impacts of the scan:
what are the possible internal customer (your co-workers) impacts of the scan:
what is the reason for the scan:
what hardware platform is the scan being done from:
what hardware platform is being scanned:
what tools you will be using to perform the scan:
a description of each tool's purpose:
what is the risk severity of the scan: (will you be employing D.O.S. techniques, as Nessus or ISS Internet Scanner might do)
when you will begin:
when you will end:
who has approved the scan:
what individuals/departments have been notified of the scan:

Marty Wasson

"Ryan" <ryan@packetwatch.net>
02/02/03 11:03 AM

To: <pen-test@securityfocus.com>
cc: (bcc: Martin Wasson/STL/MASTERCARD)
Subject: Proposal?

Hi,

I am going about doing my first pen-test, and I'm at the point of
writing my proposal with specific details, like the machine's IP address
and host name, the time of day I will be working, and what I'd like to
do. I will be performing a pen-test on one specific server. I was
wondering if anyone could give me a guideline (format) of how to do
this. I was told by them that they are looking for a 1-2 page writeup.
Thanks.

Ryan

----------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:27 EDT