[GLLUG] Penetration Test

Sean picasso@madflower.com
Sat, 25 Jan 2003 10:44:55 -0500 (EST) 

Knowing EDS's QOS, you probably did a better job too. 


On 24 Jan 2003, Brad Fears wrote:

> I'll second that.  The department I work for (state gov't, go figure)
> almost contracted EDS to conduct similar penetration tests for some of
> our servers.  EDS wanted $50K for two weeks of testing and reporting.  I
> was able to conduct the same level of testing with mostly open source
> software and a little creativity.  Given, not every company is as
> ridiculously priced as EDS, but in most cases, you can avoid
> professional testing altogether with a little investigation of your
> own.  Besides that, most companies that provide these types of services
> never offer much of an explanation about the nature of vulnerabilities,
> so you won't learn how to maintain a proper level of security as your
> infrastructure grows.
> 
> --Brad Fears
> 
> 
> On Fri, 2003-01-24 at 11:54, Hampton, Rodney wrote:
> > In short, don't hire a company until you've done your homework and gotten
> > the basics out of the way.  Make sure the penetration test you contract is
> > exposing things that you couldn't have discovered on your own.
> > 
> > My 0.02
> > 
> > 
> > 
> > 
> > Rodney Hampton
> > (sorry abou the HTML mail)
> > 
> > -----Original Message-----
> > From: Suzanne Reiner [mailto:sreiner@fnba.com]
> > Sent: Friday, January 24, 2003 10:39 AM
> > To: linux-user@egr.msu.edu
> > Subject: [GLLUG] Penetration Test
> > 
> > 
> > We're in the market for penetration testing.  If anyone knows of a reliable
> > company, I'm all ears.  FYI:  we will need detailed reporting (high-level
> > for the suits and tech detail for IT) with recommendations.  Familiarity
> > with banking/OCC proceedures a plus but, not necessary.
> > 
> > Cheers,
> > 
> > Suzanne
> > 
> > _______________________________________________
> > linux-user mailing list
> > linux-user@egr.msu.edu
> > http://www.egr.msu.edu/mailman/listinfo/linux-user
> > 
> > 
> > _______________________________________________
> > linux-user mailing list
> > linux-user@egr.msu.edu
> > http://www.egr.msu.edu/mailman/listinfo/linux-user
> 
> 
> _______________________________________________
> linux-user mailing list
> linux-user@egr.msu.edu
> http://www.egr.msu.edu/mailman/listinfo/linux-user
>