--- Alvin Oga <aoga@mail.Linux-Consulting.com> wrote:
questions for you
- what else is in the goals for the security test,
where i'm not
using audit, pen-test, assessments and other
"security words"
- what is the consequence if some
whitehat/grayhat/blackhat/malicioushat
does get into the box, what is the
process/proceedure/consequences
and follow up costs to cleanup vs shutdown/change
the product line
Perhaps the following questions should be asked first
1. How do we know know Mr Black is who he says he is?
2. How can we confirm the machine details he supplies
are actually details of a machine that he owns?
3. How can I prove that he is not actually a skid
trying to learn how to crack a debian box (which he
has set up) so that he can then go on to crack some he
has ssh passwords to after successfully brute forcing
some on a network somewhere.
blah, blah, blah.
And for Mr Black.
1. How will you know that whoever replies to your
email isn't a lurking cracker. I am sure there are
plenty on this list considering the topic.
2. In the event that they are is the machine
sufficiently isolated that it being compromised will
not affect the rest of your or anyone elses network.
3. Do you have a procedure to wipe the machine after
the tests are done in a timely fashion. You asked for
a summary of what took place on the machine, perhaps
you should be monitoring the activity on the machine
yourself.
blah, blah, blah.
H.