Re: Converged Network Assessment

From: lucien Fransman (lucien.fransman@irc2.nl)
Date: Sun Feb 05 2006 - 14:41:54 EST


On Friday 03 February 2006 20:01, joseph@cibir.net wrote:

In answer to your mail:
Reading the list, it seems like a marketing version of what most other companies
would offer. That said, the meaning of the term assessment differs from
company to company (and indeed from person to person).

To make the list more accessible, I would say it amounts to something like:

An external/internal portscan of your network, someone to look over the PBX
settings, a wardialer scan over your phone numbers, checking your IDS ruleset
and someone with a wireless/Bluetooth sniffer wandering around in your
company. The pentest looks promising, but beware of quality issues. A pentest
is worthless if the person conducting the pentest isn't good, and if the
person doing the pentest isn't able to reach their goal (root account on
several servers, access to the payroll database, whatever), it just says that
that person isn't able to breach your defenses.

The SANS assessment is (as far as I can make out) a crosscheck of the 10 or so
most horrible vulnerabilities as reported by SANS.

IMHO, the worth of something like this isn't so much in the outcome of the
individual parts as in the resulting collaboration of the results.

- What does it mean for your company?
- Is there something fundamental lacking?
- Is the outcome what you expected?
and last but not least:
- Can you do something useful with the results?

This depends a lot on the individual(s) doing the testing.

My advice would be to have a talk with these people, and ask them for sample
(stripped) deliverables, and see if they fit with your expectations.

--
Kind Regards,
Lucien Fransman, 
Information Risk Control


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:26 EDT