Penetration Testing mailing list archives
RE: Bank Audit Best practices
From: "Mike Shaw" <mike () shawnuff net>
Date: Mon, 22 Mar 2004 12:24:50 -0800
On Mon, 22 Mar 2004 04:34:46 -0800 Keith Pachulski <keithp () corp ptd net> wrote:
Hey Dante, I have run into this on numerous occasions while doing some consulting and have always with 100% failure caused them to realize the potential threat of this design.
Here's the issue: What is the threat? If all the customer/member data resides at the processor, then what can an attacker do to an institution via the processor that hasn't already been compromised? Many small institutions also use the processor for mail storage and other services. It's also common for a processor to perform other services such as workstation tech support. What is the benefit to firewalling off a bunch of workstations? In many many cases, a firewall at the institution looks great on paper, and might garner some consulting dollars...but it doesn't really *do* anything for risk management.
-Mike