[153347] in North American Network Operators' Group
Penetration Test Assistance
daemon@ATHENA.MIT.EDU (Green, Timothy)
Tue Jun 5 11:49:26 2012
From: "Green, Timothy" <Timothy.Green@ManTech.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Tue, 5 Jun 2012 10:52:54 -0400
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Howdy all,
I'm a Security Manager of a large network, we are conducting a Pentest next=
month and the testers are demanding a complete network diagram of the enti=
re network. We don't have a "complete" network diagram that shows everythi=
ng and everywhere we are. At most we have a bunch of network diagrams that=
show what we have in various areas throughout the country. I've been askin=
g the network engineers for over a month and they seem to be too lazy to pu=
t it together or they have no idea where everything is.
I've never been in this situation before. Should I be honest to the tester=
s and tell them here is what we have, we aren't sure if it's accurate; fin=
d everything else? How would they access those areas that we haven't ident=
ified? How can I give them access to stuff that I didn't know existed?
What do you all do with your large networks? One huge network diagram, a b=
unch of network diagrams separated by region, or both? Any pentest horror =
stories?
Thanks,
Tim
________________________________
This e-mail and any attachments are intended only for the use of the addres=
see(s) named herein and may contain proprietary information. If you are not=
the intended recipient of this e-mail or believe that you received this em=
ail in error, please take immediate action to notify the sender of the appa=
rent error by reply e-mail; permanently delete the e-mail and any attachmen=
ts from your computer; and do not disseminate, distribute, use, or copy thi=
s message and any attachments.
