RE: Pen Test vs. Health Check

From: Rob Shein (shoten@starpower.net)
Date: Mon Jan 26 2004 - 14:45:24 EST


> A Pen Test is only as good as the testers and is only a
> snapshot. However, a network that has been secured from the
> inside out, with a solid secure foundation should stand the
> test of time, even if it is compromised the attacker may not
> be able to roam freely and all their actions should be recorded.

There's another factor, which is the way that a pen-tester becomes engaged
by a weak point. In an assessment, a vulnerability is noted, and the tester
moves on, but in a pen-test, they engage that vulnerability, and follow it
like the beginning of a path into the network. Later, they can go back to
the starting point and find another path, but it's still like trying to map
the paths through the woods on foot; it's possible to miss one. On the
other hand, an assessment is more like mapping them from a low-flying
aircraft.

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:46 EDT