RE: Blue Team ROE

From: Dexter, Ben (Ben.Dexter@act.gov.au)
Date: Sun Mar 04 2007 - 20:52:19 EST

• Next message: Philosophil: "Re: The legal / illegal line?"
• Previous message: Sebastien Tricaud: "Re: Firewall config analysis"
• In reply to: mesenbrink@hotmail.com: "Blue Team ROE"
• Next in thread: McCarty, Eric C.: "RE: Blue Team ROE"
• Reply: McCarty, Eric C.: "RE: Blue Team ROE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I would be asking the client if they think a malicious attacker will
abide by policy? How critical is the data? Are there legal ramifications
to public exposure?

Sounds like a good way to hide security issues behind red tape until
it's too late to me...any pen-test with that many restrictions will not
be worth conducting due to accuracy issues - your company will probably
be used simply to cover the customer's ass in the event something does
happen down the track.... i.e. "the results did not indicate any
issues..." without mentioning the restrictions on pen-testing - it could
possibly open you up for nasty legal stuff too...

Ben.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of mesenbrink@hotmail.com
Sent: Friday, 2 March 2007 6:45 AM
To: pen-test@securityfocus.com
Subject: Blue Team ROE

List,

I wanted to send out a general email asking the members of this list
their professional opinions on being limited during a Blue Team
pen-test. I have a govt customer that is trying deny us the ability to
remove password hashes/files from the system for cracking, write
procedures for every tool/exploit that could be possibly executed, not
allow the loading of any tools/exploits on target systems, things like
that..... Of course my reaction is that my company will not perform the
assessment with such restrictions, what are some thoughts from this list
on this subject?

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------
  
-----------------------------------------------------------------------
This email, and any attachments, may be confidential and also privileged. If you are not the intended recipient, please notify the sender and delete all copies of this transmission along with any attachments immediately. You should not copy or use it for any purpose, nor disclose its contents to any other person.
-----------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Philosophil: "Re: The legal / illegal line?"
• Previous message: Sebastien Tricaud: "Re: Firewall config analysis"
• In reply to: mesenbrink@hotmail.com: "Blue Team ROE"
• Next in thread: McCarty, Eric C.: "RE: Blue Team ROE"
• Reply: McCarty, Eric C.: "RE: Blue Team ROE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:37 EDT