Data Mining

Absolutely valid and good points...

Quote:

---

Originally Posted by skidmarq

I would make the argument that it wouldn't be foolish. Let me ask this, would a malicious user worry about the types of test he's running against your system?

As a management-type, wouldn't you want the piece of mind knowing that a real world attack scenario took place?

---

Believe me, I understand the argument, and have encountered it from clients. However, as streaker69 and Gitsnik have both pointed out, some real world scenarios are well known to do nothing but cause a failure, and there is little reason to include them in a pen test.

Quote:

---

Originally Posted by streaker69

There are certain kinds of devices that at known to completely fall over with certain types of scans, and there is nothing you can do about it to protect them other than to keep a malicious person out. The rules of engagement in vuln assessments can be worded that certain devices will not be scanned other wise very bad things can happen. It is an accepted risk that these devices exist and everything possible many times is done to protect these devices from attack.

Having someone scan these devices during an assessment isn't going to prove anything that isn't already known. Read this if you want to see something that almost happened at my site.

---

Nice blog streaker. Im looking forward to the post on remote snort sensors...

As yes, Im piling on the "dont agree to any test" bandwagon as well. Every pen testing contact I have seen has excluded DOS attacks, and you always want to prohibit the testers from taking destructive actions like deleting data or even removing log entries. There are ways to prove that these things can be done without actually doing them (for example, if you can demonstrate you have system/root privileges on a box you can normally take the ability to delete data/logs for granted)