From: Yonatan Bokovza (Yonatan@xpert.com)
Date: Mon Jul 05 2004 - 05:17:14 EDT
> -----Original Message-----
> From: gilles.lami@hays-dsia.fr [mailto:gilles.lami@hays-dsia.fr]
> Sent: Friday, July 02, 2004 11:19
> To: pen-test@securityfocus.com
> Subject: hacking challenges
>
>
> Hello,
>
> What do you think about the numerous hacking challenges
> present on the web
> ?
> Do you think a good pen-tester should (or must ?) do these
> games and pass
> all levels of each one ?
> If so, well ... Why ? (Even if the answer of this question could be
> obvious).
Some of these challenges are pretty good in representing
real-world scenarios, and some are pretty bad. There is a lot
more to penetration testing than these challenges, but a good
penetration tester should be able to deal with most of them.
> Another thing very different, and i am sorry for this
> question i guess most
> of you must have already ridden several times:
> I have to build an action plan to specify how to react after
> a successfull
> hacking has been detected or suspected ( on a Windows or Unix
> machine for
> the moment )
> What good readings could you advise ?
That is a topic called "Incident Handling". There is a different securityfocus
mailing list for that, and I'd recommend reading CERT's CSIRT
(Computer Security Incident Response Team) FAQ
http://www.cert.org/csirts/csirt_faq.html
and CSIRTs handbook:
http://www.cert.org/archive/pdf/csirt-handbook.pdf
Best Regards,
Yonatan Bokovza
IT Security Consultant
Xpert Systems
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:57 EDT