RE: how many computers are needed?

From: George Milliken (gmillikenat_private)
Date: Fri Sep 28 2001 - 09:27:52 PDT

Next message: H D Moore: "Re: BO2k Port?"

Previous message: Keith.Morgan: "TCG analysis of the ATA of 2001"
In reply to: leon: "how many computers are needed?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

leon,

automated tools DOES NOT EQUAL a pen test.

For many reasons.  The least of which is the time to brute attack many
hosts.

Sounds like you are doing an internal audit.

Many procedural issues need to be examined as well as the networks and
hosts.

# of people depends on the job size and how long you want it to take.  Job
size alone cannot determine the # of people.

1 women can make a baby in 9 months.  9 women can make a baby in one month,
at least, that's what most IT project managers think.  <grin>.

I will give you more specifics off line.  If you want them email me
directly.

George
farm9


-----Original Message-----
From: leon [mailto:leonat_private]
Sent: Thursday, September 27, 2001 8:14 PM
To: pen-testat_private
Subject: how many computers are needed?



Hi everyone,

I have a basic question on pen-testing.  How many consultants and
computers goto a small to mid sized network (say 100 machines or fewer)?
It seems that between nmaping every single port (tcp & udp) ((I asked
this question a couple of days ago and the two responses I got suggested
this)) on every single host (if this is what the customer wants),
running things like ISS, Nessus or Scanner of choice, along with other
tools like Whisker or l0phtcrack and etc, this could take an awful long
time (not to mention cpu cycles).  Do most people bring more then one
laptop with them?

Sorry if this is really basic I checked the archive and saw no mention
of it.

Cheers,

Leon


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: H D Moore: "Re: BO2k Port?"
Previous message: Keith.Morgan: "TCG analysis of the ATA of 2001"
In reply to: leon: "how many computers are needed?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 28 2001 - 10:35:47 PDT