Security Basics mailing list archives
Re: NASA Security Audit
From: Eric <eric () sandpile net>
Date: Wed, 08 Oct 2003 21:57:21 -0500
/Black box vs. crystal box./ In a "black box" test, the intrusion testers approach the test as an outsider, with no insider knowledge of the target environment. They will be running scanners and trying to see what is "visible". This is comparable to an attack from an anonymous (usually external) hacker.
In a "crystal box" test, the intrusion testers KNOW what they are attacking and what they expect to find. They may even be provided with many, if not all, of the network diagrams and names, IP addresses, platforms, services and critical data for each and every device on the network. This is akin to a "disgruntled network engineer" attack, where they do not really have much access to the systems on the network, but where they KNOW what the systems are, where they're located, what they do and possibly even how they are configured.
As for your setup, it seems reasonable enough. I think they might appreciate the FTP access through the firewall though. :-)
Eric Hagen