Plus what if all the pentester does is take the system offline. If they are a good pen testing company the will do the full audit as well as the actual getting in part. Secure policies and design are the best bet usually. Treat every system like it is going to get owned, if not already and go from there. My suggestion too, to save on some of the costs and issues they find is run the system up in a virtual environment and attempt to get in yourself, this will help for later systems when costs are tight to.
On Sun, Nov 1, 2009 at 12:08 AM, db <[email protected]> wrote: > Daniel um ... ok. I don't see how a security audit is any different to > any other(audit). Audits should be done. > > Rick i hope some one can help you. However, do consider the cost of a > server compromise when you are considering testing / having some one > else look at the server. > > > > 2009/10/31 Daniel Pittman <[email protected]>: > > Rick Phillips <[email protected]> writes: > > > >> Would any member be interested in conducting a penetration test of a > server > >> I administer? If so, please contact me off list and I will explain the > >> circumstances. > > > > If it were possible, even in the most general of terms, I would be very > > curious to know what you hope to achieve through a penetration test. > > > > As far as I can see a penetration test gives you one piece of > information: > > Were the attackers in question capable of breaking in to your network? > > > > What I can't see is how this then turns into anything useful: it might > let you > > fix the issues they did discover, but nothing more — especially not, "are > you > > actually secure". > > > > > > OTOH, you may see some value that I have missed, so I am very curious to > know > > what that is, if it is possible for you to share the information. > > > > Daniel > > -- > > ✣ Daniel Pittman ✉ [email protected] ☎ +61 401 > 155 707 > > ♽ made with 100 percent post-consumer electrons > > Looking for work? Love Perl? In Melbourne, Australia? We are hiring. > > -- > > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > > > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
