On 6 Apr 99, at 15:08, [EMAIL PROTECTED] wrote:
> > -----Urspr�ngliche Nachricht-----
> > Von: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> > Gesendet am: Mittwoch, 31. M�rz 1999 16:22
> >
> > Dude, are you nuts. In essence, you are asking a pack of wolves to help
> > you protect your sheep farm. Hire a reliable and trustworthy group like
> > Network Security Solutions to do this.
>
> [Kunz, Peter] What do you folks think of the IT wings of the big 5
> auditing frims offering penetration testing?
It's a tough call. On the one hand, it's useful to have the
penetration test done by someone other than the security admins, so you
get a realistic exercise.
On the other hand, paid intruders are usually bound by an agreement
not to "damage" the system, and this limits the extent to which they
can test for real-world vulnerabilities. They'll easily uncover a
network that is totally unprotected, but probably cannot discriminate
well between "protected", "hardened", and "locked down".
David G
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
