[153354] in North American Network Operators' Group
Re: Penetration Test Assistance
daemon@ATHENA.MIT.EDU (jim deleskie)
Tue Jun 5 12:33:43 2012
In-Reply-To: <DD17DCA4DBB14A44870126211203BE9D02657B61F7C5@CHNMICMBX02.ManTech.com>
Date: Tue, 5 Jun 2012 13:07:36 -0300
From: jim deleskie <deleskie@gmail.com>
To: "Green, Timothy" <Timothy.Green@mantech.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
A complete diagram makes their life easier, may make for a more
complete test, but they are working for you, so if you don't have it,
you don't have. I'm not a big fan of having a single diagram with
everything laid out anyway, but I'm from the old shcool.
-jim
On Tue, Jun 5, 2012 at 11:52 AM, Green, Timothy
<Timothy.Green@mantech.com> wrote:
> Howdy all,
>
> I'm a Security Manager of a large network, we are conducting a Pentest ne=
xt month and the testers are demanding a complete network diagram of the en=
tire network. =A0We don't have a "complete" network diagram that shows ever=
ything and everywhere we are. =A0At most we have a bunch of network diagram=
s that show what we have in various areas throughout the country. I've been=
asking the network engineers for over a month and they seem to be too lazy=
to put it together or they have no idea where everything is.
>
> I've never been in this situation before. =A0Should I be honest to the te=
sters and tell them here is what we have, we aren't sure if it's accurate; =
=A0find everything else? =A0How would they access those areas that we haven=
't identified? =A0 How can I give them access to stuff that I didn't know e=
xisted?
>
> What do you all do with your large networks? =A0One huge network diagram,=
a bunch of network diagrams separated by region, or both? =A0Any pentest h=
orror stories?
>
> Thanks,
>
> Tim
>
> ________________________________
> This e-mail and any attachments are intended only for the use of the addr=
essee(s) named herein and may contain proprietary information. If you are n=
ot the intended recipient of this e-mail or believe that you received this =
email in error, please take immediate action to notify the sender of the ap=
parent error by reply e-mail; permanently delete the e-mail and any attachm=
ents from your computer; and do not disseminate, distribute, use, or copy t=
his message and any attachments.
