A complete diagram makes their life easier, may make for a more complete test, but they are working for you, so if you don't have it, you don't have. I'm not a big fan of having a single diagram with everything laid out anyway, but I'm from the old shcool.
-jim On Tue, Jun 5, 2012 at 11:52 AM, Green, Timothy <timothy.gr...@mantech.com> wrote: > Howdy all, > > I'm a Security Manager of a large network, we are conducting a Pentest next > month and the testers are demanding a complete network diagram of the entire > network. We don't have a "complete" network diagram that shows everything > and everywhere we are. At most we have a bunch of network diagrams that show > what we have in various areas throughout the country. I've been asking the > network engineers for over a month and they seem to be too lazy to put it > together or they have no idea where everything is. > > I've never been in this situation before. Should I be honest to the testers > and tell them here is what we have, we aren't sure if it's accurate; find > everything else? How would they access those areas that we haven't > identified? How can I give them access to stuff that I didn't know existed? > > What do you all do with your large networks? One huge network diagram, a > bunch of network diagrams separated by region, or both? Any pentest horror > stories? > > Thanks, > > Tim > > ________________________________ > This e-mail and any attachments are intended only for the use of the > addressee(s) named herein and may contain proprietary information. If you are > not the intended recipient of this e-mail or believe that you received this > email in error, please take immediate action to notify the sender of the > apparent error by reply e-mail; permanently delete the e-mail and any > attachments from your computer; and do not disseminate, distribute, use, or > copy this message and any attachments.
