It amazes me that most of the "security companies" that offer penetration testing services don't know what penetration testing is. Specifically, they don't deliver penetration tests even though they call their services penetration testing services. In most cases their customers think that they're receiving penetration tests but instead they're receiving the lesser quality vulnerability assessment service. When customers are looking to purchase penetration testing services they should receive penetration testing services. Likewise, when they're looking to purchase vulnerability assessment services they should receive vulnerability assessment services. Unfortunately, customers won't know what they're receiving unless they clearly understand what those services are and how those services are defined. The services are not interchangeable and they are Â entirely different. The English dictionary defines a Penetration Test as a method for determining the presence of points where something can make its way through or into something else. Penetration testing is not unique to Information Security and is used by a wide variety of other industries. Â For example, penetration testing is used to test armor by exposing the armor to a level of threat that is usually slightly higher in intensity than what it [...]
Its surprising to us that people still define their network perimeter by their firewall, which is often the perceived demarcation point between the Internet and the Local Area Network (LAN). Â The fact of the matter is that the real demarcation point has nothing to do with the firewall at all. Â In fact these days the real demarcation point has more to do with the human element (you) than with technology in general. I bring this up because the issue surfaces during penetration testing engagements frequently. Â Specifically, customers want penetration testing services against their perimeter but they don't actually know what their perimeter is. Â Once we explain it to them their perspective on what a penetration test is changes significantly and for ever. Â Their perimeterÂ is defined by any point that is accessible to an Internet based attacker, but what does that really mean? Clearly firewalls, web servers, email servers, ftp servers, etc. are accessible to an Internet based attacker. Â But what about all of those services that businesses use on a daily basis that reach out to the Internet to collect data. Â What about what you are doing right now? [...]
Our (Netragard's) founder and president (Adriel Desautels) was recently interviewed by the local news (Fox 25) about car hacking. We thought that we'd write a quick entry and share this with you. Thank you to Fox 25 for doing such a good job with the interview. Note for the AAA guy though, once cars have IP addresses (which is now) hackers won't need to "pull up next to you to hack [your car]" and turning the car off is the least of the problems. Hackers will be able to do it from their location of choice and trust us when we say that "firewalls" don't pose much of a challenge at all. Anyway, enjoy the video and please feel free to comment. http://www.myfoxboston.com/dpp/news/special_reports/could-your-car-be-a-hackers-target-20101111Netragard, LLC. -- The Specialist in Anti Hacking.