Security Basics mailing list archives
RE: Disabling IPS for PENTEST
From: "Wells, Sean" <Sean.Wells () avistacorp com>
Date: Mon, 6 Aug 2012 14:42:40 +0000
It depends on what the focus of the test is. Are you trying to see how vulnerable your website is to attack on its own or are you trying to assess how secure it is in your environment? If it's the latter, the IDS should be part of the test and left on as turning it off only makes the report look worse. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of haZard0us Sent: Monday, August 06, 2012 7:19 AM To: Kid Tangerine Cc: security-basics () securityfocus com Subject: Re: Disabling IPS for PENTEST I don't have any experience, but I think that disabling the IDS/allowing their IP is wrong. The main purpose of a pen test is to assess the vulnerabilities on your system. An attacker has to deal with the IDS. If you disable for them, just makes their job easier. If I were the one to decide, I would say no. But, once again, I got no experience. A 06/08/2012, às 14:57, Kid Tangerine escreveu:
All, Corporate has requested we get a PENTEST for our Internet facing website from a third party, but the third party asked us to allow their ip address to be excluded from our IPS. Is that a common practice to basically turn off our protection and allow them in? Obviously we aren't developers, so If the code has sql injections, cross site scripting, etc vulnerabilities we cannot fix it within the corporate guidelines, and our only leverage from the IT infrastructure side is to include the needed filters in the IPS to prevent their crappy code from being exploited. It we turn off the IPS I am sure all kinds of things will show up. Any experience appreciated. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Disabling IPS for PENTEST Kid Tangerine (Aug 06)
- Re: Disabling IPS for PENTEST khushal201301 (Aug 06)
- Re: Disabling IPS for PENTEST haZard0us (Aug 06)
- Re: Disabling IPS for PENTEST Jose Fuertes (Aug 06)
- Re: Disabling IPS for PENTEST Mike Kallies (Aug 07)
- RE: Disabling IPS for PENTEST Wells, Sean (Aug 06)
- Re: Disabling IPS for PENTEST Rajiv D (Aug 06)
- Re: Disabling IPS for PENTEST Jose Fuertes (Aug 06)
- Re: Disabling IPS for PENTEST Alun Morgan (Aug 06)
- Re: Disabling IPS for PENTEST Shane Anglin (Aug 06)
- Re: Disabling IPS for PENTEST Reginald%20Wheeler (Aug 06)
- Re: Disabling IPS for PENTEST gig (Aug 07)
- Re: Disabling IPS for PENTEST RobOEM (Aug 07)
- <Possible follow-ups>
- Re: Re: Disabling IPS for PENTEST savvy95 (Aug 06)