Re: whitehat to test a security config

To: debian-security@lists.debian.org
Subject: Re: whitehat to test a security config
From: Bernd Eckenfels <ecki@lina.inka.de>
Date: Wed, 02 Nov 2005 23:14:22 +0100
Message-id: <[🔎] E1EXQsA-0004wB-00@calista.inka.de>
In-reply-to: <[🔎] 5c69840f54112c46968c22cfc3d3d632@turingstudio.com>

In article <[🔎] 5c69840f54112c46968c22cfc3d3d632@turingstudio.com> you wrote:
> I'm looking for (preferably) a company, or individual, to attempt to 
> breach a standard config I have created to deploy client applications 
> in production. It is intentionally a minimal config which is tightly 
> locked down and audited daily.

I think it is very bad efficiency to do black-box testing. Because it
requires a very good attacker and much time to find a problem. And if you
dont find one, you can't be shure you are secure. It is much better to let
the external auditor verify your configuration. Give them access to all
config files and documentation, your risk matrix etc. This is much cheaper
and much more sucessfull.

Gruss
Bernd

Reply to:

Follow-Ups:
- Re: whitehat to test a security config
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

References:
- whitehat to test a security config
  - From: alex black <enigma@turingstudio.com>

Prev by Date: Patrina Graham?
Next by Date: Re: whitehat
Previous by thread: whitehat to test a security config
Next by thread: Re: whitehat to test a security config
Index(es):
- Date
- Thread