Firewall Wizards mailing list archives
Penetration testing via shrinkware
From: "Stout, Bill" <StoutB () pios com>
Date: Wed, 02 Sep 1998 19:22:34 -0400
What are the opinions on the thoroughness of shrinkwrap software penetration testing? Is today's shrinkware more capable for penetration testing (a single machine) than a human? I'll take one example of a tool, Internet Security Scanner. It can do a complete external scan of the currently known vulnerabilities of a machine or subnet. ISS is very consciensious of keeping up to date with vulnerabilities. Some counter-points I have are: o The human needs to do data collection about the target through whois, nslookup, search engines, anonymous or spoofed phone calls, etc. o The human element still needs to select the targets, the connection path (dial-up, X.25, Internet, hops via private links, etc), the social engineering, the password crackers, etc. o The human also needs to define the D.O.S. threshold of the target, and limits on brute force efforts. o The tests won't detect sniffers installed at the target's ISP. Say someone wants to do penetration testing and security auditing for a company, and use various types of shrinkware to do it. Any comments? Bill Stout
Current thread:
- Penetration testing via shrinkware Stout, Bill (Sep 03)
- Re: Penetration testing via shrinkware Bennett Todd (Sep 03)
- Re: Penetration testing via shrinkware Sheila //or// Bob (depends on who's writing) (Sep 06)
- Re: Penetration testing via shrinkware Stephen P. Berry (Sep 06)
- <Possible follow-ups>
- Re: Penetration testing via shrinkware Marcus J. Ranum (Sep 03)
- Re: Penetration testing via shrinkware emaiwald (Sep 03)
- Re: Penetration testing via shrinkware Dominique Brezinski (Sep 03)
- Re: Penetration testing via shrinkware Ryan Russell (Sep 03)
- RE: Penetration testing via shrinkware Gary Crumrine (Sep 03)
- RE: Penetration testing via shrinkware Christopher Nicholls (Sep 07)
- Re: Penetration testing via shrinkware tqbf (Sep 17)
- RE: Penetration testing via shrinkware Christopher Nicholls (Sep 07)
(Thread continues...)