[153374] in North American Network Operators' Group
Re: Penetration Test Assistance
daemon@ATHENA.MIT.EDU (Harry Hoffman)
Tue Jun 5 14:38:25 2012
Date: Tue, 05 Jun 2012 14:37:37 -0400
From: Harry Hoffman <hhoffman@ip-solutions.net>
To: nanog@nanog.org
In-Reply-To: <CBE22E5FF427B149A272DD1DDE107524070D5B01@EX2K3.armc.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
There are lots of reasons why a pentester would want a network diagram.
The foremost being a point to which they can say, these are the networks
that I was given as a point of reference to pentest.
This is often a CYA policy for when people start complaining about the
scanning that is going to occur and potentially break their systems.
Cheers,
Harry
On 06/05/2012 02:34 PM, Darden, Patrick S. wrote:
>
> I'm with Barry--a network diagram showing everything from the pov of the pen team should be part of the end report.
>
> --p
>
> -----Original Message-----
> From: Barry Greene [mailto:bgreene@senki.org]
>
> Hi Tim,
>
> A _good_ pen test team would not need a network diagram. Their first round of penetration test would have them build their own network diagram from their analysis of your network.
>
> Barry
>
>
