Re: PT Report delivery (caveats)

From: intel96 (intel96@bellsouth.net)
Date: Mon Mar 06 2006 - 13:53:42 EST


Johnny,

I normally send any pentest or VA document via e-mail if the client is
not within my geographic region. If the client is within my area I
always hand-deliver a hard-copy and an electronic copy with all
supporting documentation (if requested) on a CD. I normally provide a
PDF copy of the report which has been digitally signed and locked. I have
provided clients with MS Word documents, but I had one person take one
for a Cisco Router/Switch assessment and start selling the document to
other clients that he found in the area.

Any copies that I transmit via e-mail are encrypted using an
application that I wrote that encrypts the document using AES, creates
an .exe, zips the files and then emails it from Outlook. I provide the
client the password via phone. You can also use WinZip with AES
encryption to send the files. If the files are very large, I will post
the encrypted file to a secure location on an FTP or web site for the
client to download. Once the client has downloaded the file I have a
program that disables the download from the web site or FTP site
automatically.

I hope that information helps.

Intel96

johnny Mnemonic wrote:
> Hi
>
> I'm interested in the group's feedback on the most accepted way to
> deliver a final PT report to a client. Best practices indicate that
> reports are only sent to a select group of people in each of the
> Red/White/blue teams, and docs are sent via encrypted email and/or the
> document itself encrypted with public/private keys exchanged at the
> start of the engagement. I've even heard that sending electronic
> copies of the report is a no-no and only a hardcopy should be couriered.
> Could someone weigh in on caveats and/or industry standards for
> report delivery?
>
> Also how would report delivery best practices from an internal pentesting
> team differ (if at all) from that of a third party consulting outfit.
>
> Many thanks.
>
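
The download-then-disable step described in the reply above, as an added example; it is not intel96's program, which the post does not show. OneTimeStore and make_handler are hypothetical names, and the sketch assumes the report was already AES-encrypted before publishing and that the link is burned on the first request rather than after a confirmed complete transfer.

```python
import secrets
import threading
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

class OneTimeStore:
    """Holds already-encrypted report blobs; each download token works once."""

    def __init__(self, ttl_seconds=24 * 3600):
        self._items = {}  # token -> (ciphertext, expiry timestamp)
        self._lock = threading.Lock()
        self._ttl = ttl_seconds

    def publish(self, ciphertext: bytes) -> str:
        token = secrets.token_urlsafe(32)  # unguessable path component
        with self._lock:
            self._items[token] = (ciphertext, time.time() + self._ttl)
        return token

    def claim(self, token: str):
        # pop() under the lock removes the entry before any bytes are sent,
        # so two simultaneous requests cannot both succeed.
        with self._lock:
            item = self._items.pop(token, None)
        if item is None or item[1] < time.time():
            return None
        return item[0]

def make_handler(store: OneTimeStore):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            blob = store.claim(self.path.rsplit("/", 1)[-1])
            if blob is None:
                # Same answer for unknown, used and expired tokens.
                self.send_error(404)
                return
            self.send_response(200)
            self.send_header("Content-Type", "application/octet-stream")
            self.send_header("Content-Length", str(len(blob)))
            self.end_headers()
            self.wfile.write(blob)
    return Handler

if __name__ == "__main__":
    store = OneTimeStore()
    token = store.publish(b"constructed stand-in for an AES-encrypted report")
    server = ThreadingHTTPServer(("127.0.0.1", 8080), make_handler(store))
    print(f"one-time path: /d/{token}")
    server.serve_forever()
```

A transfer that fails midway also consumes the token, so the file has to be published again under a new token; the sketch serves plain HTTP on loopback and leaves TLS to whatever fronts it.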

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:37 EDT