Security Basics
Re: nmap root vs user question Oct 12 2013 09:01PM
ToddAndMargo (ToddAndMargo zoho com)
On 10/07/2013 07:39 AM, Rob wrote:
> Is anybody else somewhat worried about this person doing penetration
> testing and PCI compliance auditing?
>
> No offense dude, but this is not something that can be learned from a
> security basics mailing list.
>
> I do want to help, and I do want you to learn, but not at the expense
> of a client's security.

Hi Rob,

We all have to learn sometime. And, the customer is fully
aware that I have to learn first. I was specifically asked
by them to do so. I am well aware of my current limitations.

Also, I break down questions to their lowest dimension.
Don't let it throw you off. I am the guy you remember
in college that asked all the questions, while others
in the back of the class groaned. I got the "A's" and
they got the "C's". Remember that you do not know
my credentials, my background, my years of experience,
etc. You do not know me.

Now, as far as this group, it is specifically designed
for beginners:

A high-volume list which permits people to ask
"stupid questions" without being derided as "n00bs".
I recommend this list to network security newbies.

So I am right where I need to be.

Also, don't get too high on this PCI stuff. Some of it
is legit, but most of it is lawyers trying to worm
out of liability. I would not want to be in the
shoes of someone who pencil whipped the forms when
they get in trouble. The lawyers will eat them
for lunch.

And, the major threats are not going to come up the
wire looking for open ports. They are going to come
through IE, Java scripts, PDFs. Open ports
are a minor threat (yes, you still have to take it
seriously). Installing that exe inside that zip file
that is supposed to help you find your lost package...

As I said, some good stuff and a lot of paper chase
(flaming hoops). Although, I do adore having a diagram
of the network. The human factor is the major threat.

My client is and will be fine.

-T

Had a client a year back who had an employee surf
the porn sites on swing shift on the client's
computer. He had EVERYTHING! Oh my that was
fun to fix when his hard drive failed and he
needed his data off it. His plethora of "Abandon
Ware" was the most challenging. (Love Live CDs.)
It is the human factor to be most frightened of.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright 2010, SecurityFocus