I don't see what is wrong with hiring hackers to test your networks and
systems. I think the key to this is to actually close up what they find
right away and monitor their activities while they are in the system. They
are there to make money for themselves (as consultants) and it would be
counterproductive for them to compromise the systems. If they were caught
in the act, you obviously wouldn't hire them again or recommend them to
anyone else. This is not to say that it won't happen, but a known evil is
better than the unknown.
I'd rather have someone with experience test my networks and systems
internally and externally.
At 05:39 PM 4/6/99 -0800, David Gillett wrote:
>On 6 Apr 99, at 15:08, [EMAIL PROTECTED] wrote:
>
>> > -----Original Message-----
>> > From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
>> > Sent: Wednesday, 31 March 1999 16:22
>> >
>> > Dude, are you nuts? In essence, you are asking a pack of wolves to help
>> > you protect your sheep farm. Hire a reliable and trustworthy group like
>> > Network Security Solutions to do this.
>>
>> [Kunz, Peter] What do you folks think of the IT wings of the big 5
>> auditing firms offering penetration testing?
>
> It's a tough call. On the one hand, it's useful to have the
>penetration test done by someone other than the security admins, so you
>get a realistic exercise.
> On the other hand, paid intruders are usually bound by an agreement
>not to "damage" the system, and this limits the extent to which they
>can test for real-world vulnerabilities. They'll easily uncover a
>network that is totally unprotected, but probably cannot discriminate
>well between "protected", "hardened", and "locked down".
>
>David G
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]