Penetration Testing mailing list archives
Re: Level of Exploitation
From: Egon Braun <mundoalem () gmail com>
Date: Thu, 11 Dec 2008 10:43:28 -0200
I have learned with experience that what makes a flaw in a computer environment a HIGH PRIORITY FLAW is that it compromises the INFORMATION, not the server. Servers can always be replaced, reconfigured, updated and so on. You can always (as a last option) unplug it. However, it is the information that we from the security area should be focused on. What is more important for General Motors? To have one dept. without internet because of a DoS attack or to have its new car drawings stolen by a cracker?

I consider HIGH just the flaw that could give access to the information of the company; the others are always MEDIUM or LOW.

Of course, this tip does not apply to every case. For example, in a shopping mall public internet area, the HIGH PRIORITY is to have the internet access ALWAYS ON. There is no information to be secured. And we have lots of other cases ...

The best is to feel the company and think about what is the "treasure" of the client, and try to protect it best.

We from IT like to protect servers because we love computers, but often the problem is not in the servers but within people, policies, etc.

--
Egon Braun <mundoalem () gmail com>