Re: whitehat to test a security config

2005-11-03 Thread Bernd Eckenfels
On Fri, Nov 04, 2005 at 01:19:36AM +0100, Javier Fernández-Sanguino Peña wrote: > But also somewhat wrong: a black-box test is much cheaper than a full > security audit of a system. Well, I guess you mean "port scan". A Tiger Team who helps your security is most often quite expensive cause it take

Re: whitehat to test a security config

2005-11-03 Thread Javier Fernández-Sanguino Peña
On Wed, Nov 02, 2005 at 11:14:22PM +0100, Bernd Eckenfels wrote: > In article <[EMAIL PROTECTED]> you wrote: > > I'm looking for (preferably) a company, or individual, to attempt to > > breach a standard config I have created to deploy client applications > > in production. It is intentionally a

Re: whitehat to test a security config

2005-11-02 Thread Bernd Eckenfels
In article <[EMAIL PROTECTED]> you wrote: > I'm looking for (preferably) a company, or individual, to attempt to > breach a standard config I have created to deploy client applications > in production. It is intentionally a minimal config which is tightly > locked down and audited daily. I thin

Re: whitehat to test a security config

2005-11-02 Thread Rob Burgers
- Original Message - From: "Harry" <[EMAIL PROTECTED]> To: <> Sent: Tuesday, November 01, 2005 10:48 AM Subject: Re: whitehat to test a security config --- Alvin Oga <[EMAIL PROTECTED]> wrote: questions for you - what else is in the goals for the

Re: whitehat to test a security config

2005-11-01 Thread Alvin Oga
On Tue, 1 Nov 2005, Harry wrote: > Perhaps the following questions should be asked first > > 1. How do we know know Mr Black is who he says he is? > 2. How can we confirm the machine details he supplies > are actually details of a machine that he owns? ... all valid points .. - a face to face

Re: whitehat to test a security config

2005-11-01 Thread Harry
--- Alvin Oga <[EMAIL PROTECTED]> wrote: > questions for you > > - what else is in the goals for the security test, > where i'm not > using audit, pen-test, assessments and other > "security words" > > - what is the consequence if some > whitehat/grayhat/blackhat/malicioushat > does get into

Re: whitehat to test a security config

2005-10-31 Thread Alvin Oga
hi ya alex On Mon, 31 Oct 2005, alex black wrote: i'm gonna skip the offlist part and raise some questions/comments just because it's a fun topic to cover and see other folks comments and philosophy - there will never be "one solution for 2-3 people" but will be all different so

whitehat to test a security config

2005-10-31 Thread alex black
hi, (never posted here before, only watched the announcements: if this topic is inappropriate for this list I apologize in advance) I'm looking for (preferably) a company, or individual, to attempt to breach a standard config I have created to deploy client applications in production. It is