leon, automated tools DOES NOT EQUAL a pen test. For many reasons. The least of which is the time to brute attack many hosts. Sounds like you are doing an internal audit. Many procedural issues need to be examined as well as the networks and hosts. # of people depends on the job size and how long you want it to take. Job size alone cannot determine the # of people. 1 women can make a baby in 9 months. 9 women can make a baby in one month, at least, that's what most IT project managers think. <grin>. I will give you more specifics off line. If you want them email me directly. George farm9 -----Original Message----- From: leon [mailto:leonat_private] Sent: Thursday, September 27, 2001 8:14 PM To: pen-testat_private Subject: how many computers are needed? Hi everyone, I have a basic question on pen-testing. How many consultants and computers goto a small to mid sized network (say 100 machines or fewer)? It seems that between nmaping every single port (tcp & udp) ((I asked this question a couple of days ago and the two responses I got suggested this)) on every single host (if this is what the customer wants), running things like ISS, Nessus or Scanner of choice, along with other tools like Whisker or l0phtcrack and etc, this could take an awful long time (not to mention cpu cycles). Do most people bring more then one laptop with them? Sorry if this is really basic I checked the archive and saw no mention of it. Cheers, Leon ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Sep 28 2001 - 10:35:47 PDT