I tend to just lurk here, and am sensitive to issues related to self-promotion, but as an FYI, Cisco has a SPA (security posture assessment) team that was part of our Wheelgroup acquisition a few years ago. They are comprised primarily of ex-military electronics warfare team members, ex-FBI cyber-crime specialists, and other equally spooky people. They do LOTS of this sort of "ethical hacking" thing (brute force attacks, penetration assessment, software vulnerability exploits, social engineering, even war-dialing [which is SURPRISINGLY effective - we get in about 2/3 of the time with that!], etc.) in both the public and private sectors. They use a combination of publicly available and proprietary tools to analyze security. They also provide a disaster-recovery service for companies that have been the victims of attack.

IMO, an outside company which provides this type of service is especially useful because in many companies (and I speak to hundreds of them) the people responsible for security implementation are the SAME PEOPLE responsible for security assessment. This is bad. Among other things, it lends itself to missing the same problems over and over again. In my experience, failure to provide appropriate oversight and double-checking tends to be the weakest security link for many organizations. SPAs go a long way towards filling that gap.

-bill

At 12:14 AM 6/23/2001 +0100, David Ishmael wrote:
I used to know several companies that did "ethical hacking" as a consulting service for companies who wanted reports on how good their security setup was.  They did everything from brute force to social engineering.  The funny thing was that they used the same tools that are publicly available (nmap, snort, etc.).

David Ishmael, CCNA, IVCP
Senior Network Management Engineer
Windward Consulting Group, Inc.
Phone: (703) 812-0132
Phone: (703) 283-7564
eFax: (425) 969-4707
Fax: (703) 351-9428
mailto:[EMAIL PROTECTED]


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Friday, June 22, 2001 4:44 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Marcus J. Ranum
Subject: Re: Has anyone heard of this?

I might, but first we have to find someone that's actually bought into this nonsense.

I'm sure I don't know anyone.

-- Bill







[EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]

06/19/2001 10:51 AM
       
        To:        "Marcus J. Ranum" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
        cc:        [EMAIL PROTECTED]
        Subject:        Re: Has anyone heard of this?





The only way to find if this is true is to hire some sort of high end
consulting service company that offers "Ethical Hacking" services to prove
the company wrong.
Bill, do you know any high end network service company that offers this
kind of service?

/cheers

:)

/m

At 12:28 PM 6/17/2001 -0400, Marcus J. Ranum wrote:

>Any way the company claims to have unbreakable protection against outside
>and inside hackers and real-time detection of ALL intrusion attempts
>including virus detection.

It's a safe bet then whenever you see a claim like the above that you're
dealing with charlatans.

mjr.

---
Marcus J. Ranum     Chief Technology Officer, NFR Security Inc.
Work:  http://www.nfr.com
Play: http://www.ranum.com

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls




Bill McGee, CCNA
VPN and Security Evangelist
VSEC Channels Development Manager
Cisco Systems, Inc.

[EMAIL PROTECTED]
Phone: 408.859.7942
Pager: 800.365.4578 ([EMAIL PROTECTED])
FAX: 408.527.5173

Make your Cisco network "SAFE"
http://www.cisco.com/go/safe/

The power to end extreme poverty is now online...
www.netaid.org
