Re: Pen testing / Vuln Assessment from Cable Modem - question on service provider selection

From: Tommy May (tommymay@comcast.net)
Date: Thu Jun 21 2007 - 10:33:43 EDT


Thanks James... certainly good ideas. I'll keep your offer in mind...and who knows, maybe we can merge some efforts... I am slowly in the process of developing relationships with small companies, doing ad-hoc security stuff, mostly network troubleshooting...etc. But the need for assurance is on the rise...

Once again, thanks for taking the time and sharing perspective and experiences.

Tom

 -------------- Original message ----------------------
From: "James Ruffer" <admin@unixbox.ws>
> Here is what we have been doing for the last couple of years.
>
> We collocated a couple of servers in a center that has no issue defending
> your pen-testing as long as you are legit and in contract with the company
> you are testing. This collocation facility also hosts porn so you can only
> imagine the legal staff.
>
> In October we updated our servers to XEN and consolidated our physical servers.
>
> We now just boot a VM with whatever base OS we would like to test using.
> We have 3 base OS's that we dub with our tools.
> We will also zip up the servers that we tested from and submit them to
> the client for later testing via DVD. We do not keep the XEN's after
> 45 days. Each XEN is encrypted.
>
> If you are not familiar with XEN, it is just like VMWare ESX but free.
>
> If you would like we can set up some XEN servers for your testing. If all
> goes well who knows maybe that will be our new side business pen-testing
> hosting...hmmm
>
> James
>
> On 6/19/07, Morgan Reed <morgan.s.reed@gmail.com> wrote:
> > On 6/20/07, Tommy May <tommymay@comcast.net> wrote:
> > > Issue - A standard nessus scan or nmap will choke my service from a
> > > standard home based cable modem service.
> >
> > You will not likely find anybody who will be willing to allow this.
> >
> > > I need to have a solid provider that is "used to dealing with pen-test
> > > like customer businesses"... is there someone that you all may be able
> > > to recommend that won't cost an arm and a leg and will meet the
> > > requirements? (i.e. one that's home based, allows it to happen, has
> > > pen-testing customers, and doesn't cost any more than 100.00 a month).
> >
> > I highly doubt you will find one.
> >
> > > Any words of wisdom would be greatly appreciated.
> >
> > My best suggestion would be to find a permissive shell account or get
> > a co-lo server with its own connection and use that (I have a root
> > shell on a tier 2 system that I use for these activities).
> >
> > You're unlikely to find any ISP who will do this for you so your best
> > bet is to go up a tier or two and get an unrestricted connection
> > attached to a remote server, you'll still have to read the contracts
> > carefully though.
> >
> > Morgan
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Are you using SPI, Watchfire or WhiteHat?
> > Consider getting clear vision with Cenzic
> > See HOW Now with our 20/20 program!
> >
> > http://www.cenzic.com/c/2020
> > ------------------------------------------------------------------------
> >
> >
>
>
> --
> Thank you for your time.
>
> James F. Ruffer III
> Ce|H MSCE, CNA, CCNA, & BSDI
> 1.518.271.1844 Mobile

