Penetration Testing mailing list archives
Re: Blue Team ROE
From: zenmasterbob123 () gmail com
Date: 14 Mar 2007 13:15:41 -0000
You've already had some good responses, but I thought I should throw in my 3 cents, having worked with gvt agencies. They are going to be paranoid about *anything* you try to do, especially if it alters the system baseline. I don't blame them, as there has been enough bad press about gvt agencies getting "penetrated", and they will have a natural concern that one of your operatives may leave a backdoor for themselves. Still, it sounds like your best bet is to either forego the Red Team activities or simply walk away from the table. If you do decide to take tha task, make sure they document the limitations, then reference their requirements in your statement of work. Then it will be clear to all concerned that you are limiting the attack vectors based on their instructions. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Blue Team ROE mesenbrink (Mar 04)
- RE: Blue Team ROE Dexter, Ben (Mar 05)
- RE: Blue Team ROE McCarty, Eric C. (Mar 05)
- RE: Blue Team ROE Dave Sanford (Mar 05)
- RE: Blue Team ROE Angelacci, Anna M CTR SPAWAR, J616 (Mar 13)
- Re: Blue Team ROE Pete Herzog (Mar 14)
- RE: Blue Team ROE Tim Singletary (Mar 14)
- <Possible follow-ups>
- RE: Blue Team ROE krymson (Mar 06)
- RE: Blue Team ROE Dave Sanford (Mar 09)
- Re: Blue Team ROE zenmasterbob123 (Mar 14)
- RE: Blue Team ROE Dexter, Ben (Mar 05)