On 12-08-06 10:36 AM, Jose Fuertes wrote:
>
> I agree with haZard0us.
>
> I would ask for external and internal pentest.....remember a hacker
> won't ask you to disable you're protections.
>
> And you are looking to measure your security.
I partially agree here and partially disagree.
The best move would be to put the IPS into IDS mode for the scanner
source and log what it would be reacting to. That might be impractical
depending on the knowledge of the IPS team.
The problem with conducting a pen test against an active IPS is that
once you've triggered a positive, there's no reason to believe that any
other test is valid. It doesn't mean that the site is properly secured,
it just means that you were detected during one particular scan/attempt.
A less complex method would be to disable the IPS for the IP of the pen
tester, generate a list of detections, then enable the IPS and test the
IPS against those concerns ( then unblocking your IP in the IPS for the
next scan if you get blocked). Your report would contain some detail
about how the IPS mitigates the vulnerabilites.
If you want to conduct a "pure" black box, then factor in the cost of
having a few thousand IP addresses in disparate networks and add it to
the quote. The customer will probably opt for disabling the IPS (for
the attacker).
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> I agree with haZard0us.
>
> I would ask for external and internal pentest.....remember a hacker
> won't ask you to disable you're protections.
>
> And you are looking to measure your security.
I partially agree here and partially disagree.
The best move would be to put the IPS into IDS mode for the scanner
source and log what it would be reacting to. That might be impractical
depending on the knowledge of the IPS team.
The problem with conducting a pen test against an active IPS is that
once you've triggered a positive, there's no reason to believe that any
other test is valid. It doesn't mean that the site is properly secured,
it just means that you were detected during one particular scan/attempt.
A less complex method would be to disable the IPS for the IP of the pen
tester, generate a list of detections, then enable the IPS and test the
IPS against those concerns ( then unblocking your IP in the IPS for the
next scan if you get blocked). Your report would contain some detail
about how the IPS mitigates the vulnerabilites.
If you want to conduct a "pure" black box, then factor in the cost of
having a few thousand IP addresses in disparate networks and add it to
the quote. The customer will probably opt for disabling the IPS (for
the attacker).
-Mike
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]