|
|
Security Basics
Disabling IPS for PENTEST Aug 06 2012 01:57PM Kid Tangerine (kidtangerine gmail com) (7 replies) Re: Disabling IPS for PENTEST Aug 06 2012 02:18PM haZard0us (hazard0us pt gmail com) (3 replies) |
|
Privacy Statement |
types of assessments.
here is why it's smart to allow a bypass of the IDS/IPS....when you engage a
3rd party to do this work, you are paying for expertise and TIME.
Time is the important consideration because the 3rd party doesn't really
have the luxury to attack your network using a "low and slow" methodology.
They will generate a lot of noise that would trigger most IDS/IPS
immediately....possibly blocking access in an automated way.
An advanced attacker would perform attacks on your network over the course
of weeks or even months...probably using compromised PCs distributed across
the world. Attacking this way, it's much easier to evade IPS/IDS
technology.
In short, you have to consider why you are doing this assessment and what
you want out of it.
If you seek better security, bypassing the IDS/IPS isn't a cop out...it's
just a way to get better data in a faster timeframe.
If you seek a "we're all good here" report, leave the IDS/IPS in place and
flush your assessment dollars out the window.
my 2 cents
----- Original Message -----
From: "Kid Tangerine" <kidtangerine (at) gmail (dot) com [email concealed]>
To: <security-basics (at) securityfocus (dot) com [email concealed]>
Sent: Monday, August 06, 2012 8:57 AM
Subject: Disabling IPS for PENTEST
> All,
>
> Corporate has requested we get a PENTEST for our Internet facing
> website from a third party, but the third party asked us to allow
> their ip address to be excluded from our IPS.
>
> Is that a common practice to basically turn off our protection and
> allow them in?
>
> Obviously we aren't developers, so If the code has sql injections,
> cross site scripting, etc vulnerabilities we cannot fix it within the
> corporate guidelines, and our only leverage from the IT infrastructure
> side is to include the needed filters in the IPS to prevent their
> crappy code from being exploited. It we turn off the IPS I am sure all
> kinds of things will show up.
>
> Any experience appreciated.
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate. We look at how SSL works, how it benefits your company and
> how your customers can tell if a site is secure. You will find out how to
> test, purchase, install and use a thawte Digital Certificate on your
> Apache web server. Throughout, best practices for set-up are highlighted
> to help you ensure efficient ongoing management of your encryption keys
> and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]