Re: Blue Team ROE

From: Pete Herzog (lists@isecom.org)
Date: Wed Mar 14 2007 - 08:43:39 EST


I need to second what Anna says. If they are shopping for a Blue Team test
then why are you coming at them with Pen Test procedures? For a Blue Team
test, take a note from the OSSTMM, document what you don't do as much as
what you do, like in its Security Testing Audit Report. And you don't need
to crawl through all the holes to identify them, define protection and
controls for them, and look to see who maybe was there before you. That's
a Blue Team test and it can be a very thorough audit. What it won't be is
a pen test.

-pete.

Angelacci, Anna M CTR SPAWAR, J616 wrote:
> Plan
> Prepare letter of consent, and letter of instruction. Blue teams do not
> pen test, Red teams do. Blue teams detect, protect, react, and recover.
> With your current methodology, you could lose your work.
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of mesenbrink@hotmail.com
> Sent: Thursday, March 01, 2007 2:45 PM
> To: pen-test@securityfocus.com
> Subject: Blue Team ROE
>
>
> List,
>
> I wanted to send out a general email asking the members of this list
> their professional opinions on being limited during a Blue Team
> pen-test. I have a govt customer that is trying to deny us the ability to
> remove password hashes/files from the system for cracking, write
> procedures for every tool/exploit that could be possibly executed, not
> allow the loading of any tools/exploits on target systems, things like
> that..... Of course my reaction is that my company will not perform the
> assessment with such restrictions, what are some thoughts from this list
> on this subject?

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:39 EDT