Penetration Testing mailing list archives
Re: [PEN-TEST] Testing a "rogue site"
From: "Missy, E" <freehold () EROLS COM>
Date: Sun, 10 Sep 2000 14:00:48 -0400
Mike -- Run, don't walk. :) This is a perfect setup and yours will be the first head to roll when - not if - they end up hacked. I don't think what you describe is uncommon, I have experience with other companies trying to 'phase in' security over a period of years :) for example. Field offices and other divisions don't like handing over control of their networks to one guy who isn't on site ('he doesn't know how we do things, our needs, etc.'). Unless top management lays it down it won't happen, and a lot of times top's too interested in protecting rice bowls -- not ticking off the division head who's brought in a big contract and wants to run that office *his* way, say. Listen to your instincts. I believe you're trying to be cooperative and a team player, and you're clearly interested in security and learning as much as you've can, but you've already figured out what the problem is in the title of your email - 'rogue sites'. They're not playing on the team, or you wouldn't be using the word 'rogue'. The company is evidently not quite behind the idea of having a security policy actually in effect, or they wouldn't allow any 'rogue sites'. IMO that means they won't back you up as Security Manager when - not if - there's trouble. Those sites could eventually endanger the rest of the network if they're tied in, which you *are* responsible for. Here there be dragons :), avoid it. All JMHO.
Current thread:
- [PEN-TEST] Testing a "rogue site" Kelly, Mike (Sep 08)
- Re: [PEN-TEST] Testing a "rogue site" Peter Van Epp (Sep 09)
- Re: [PEN-TEST] Testing a "rogue site" Missy, E (Sep 10)
- <Possible follow-ups>
- Re: [PEN-TEST] Testing a "rogue site" Mitch James (Sep 08)
- Re: [PEN-TEST] Testing a "rogue site" Rich Richenberg (Sep 08)
- Re: [PEN-TEST] Testing a "rogue site" Alexander Sarras (SEA) (Sep 11)
- Re: [PEN-TEST] Testing a "rogue site" Karyn Pichnarczyk (Sep 11)
- Re: [PEN-TEST] Testing a "rogue site" Missy, E (Sep 12)
- Re: [PEN-TEST] Testing a "rogue site" Wandering One (Sep 13)
- Re: [PEN-TEST] Testing a "rogue site" Karyn Pichnarczyk (Sep 11)
- Re: [PEN-TEST] Testing a "rogue site" Peter Van Epp (Sep 09)
- Re: [PEN-TEST] Testing a "rogue site" Meritt, Jim (Sep 11)
- Re: [PEN-TEST] Testing a "rogue site" Alexander Sarras (SEA) (Sep 13)