I need a penetration tester (individual or firm) to run some tests against my network. Anyone have any recommendations they care to share? Thanks! Tal
On 15/01/2010 21:28, Tal Cohen wrote:
I need a penetration tester (individual or firm) to run some tests against my network. Anyone have any recommendations they care to share?
1st step would be to run nessus (http://www.nessus.org/nessus/), and nmap (http://nmap.org/) on your network
On Jan 15, 2010, at 3:48 PM, Karl Hiramoto <karl@hiramoto.org> wrote:
1st step would be to run nessus (http://www.nessus.org/nessus/), and nmap (http://nmap.org/) on your network
If you're talking about an external network you can also look at Qualys's free scanning. http://www.qualys.com/products/trials
Thanks guys! I already run vulnerability scans. I need an actual pen-tester at this point.
Tal
----- Original Message -----
From: Gregory Boyce
To: Worcester Linux Users Group
Cc: Worcester Linux Users Group
Sent: Friday, January 15, 2010 4:03 PM
Subject: Re: [Wlug] Penetration Tester
If you're talking about an external network you can also look at Qualys's free scanning. http://www.qualys.com/products/trials
_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug
Never hired one myself, but I do know a number of them. Locally Netragard or Rapid 7 certainly have smart people working there.
On Jan 15, 2010, at 4:07 PM, "Tal Cohen" <wlug@cohen123.com> wrote:
Thanks guys!
I already run vulnerability scans. I need an actual pen-tester at this point.
Tal
Don't bother. It's security theater.
It's easy to run automated tests, but the chance it will actually catch something that you wouldn't know about by reading the proper security mailing lists is negligible.
These days most malware gets in through end users doing stupid things. China hacked Google with a phishing attack. There's no completely technical solution for that. Educate users as best you can. If there's sensitive data on your network, make sure only people who need access have access.
Assume that your network will be compromised. Have a strategy to restore things quickly when that happens.
Tal Cohen <wlug@cohen123.com> wrote:
I need a penetration tester (individual or firm) to run some tests against my network.
Anyone have any recommendations they care to share?
Thanks!
Tal
I agree with most of what you're saying except I think you're mixing up vulnerability scanning with pen testing. A good pen tester will actually demonstrate the vulnerability and can find new issues in your custom web app code.
The one benefit of pen testing would be convincing decision makers that the steps you outlined are necessary.
On Jan 18, 2010, at 12:32 PM, Nick Nassar <nassar@alum.wpi.edu> wrote:
Don't bother. It's security theater.
It's easy to run automated tests, but the chance it will actually catch something that you wouldn't know about by reading the proper security mailing lists is negligible.
These days most malware gets in through end users doing stupid things. China hacked Google with a phishing attack. There's no completely technical solution for that. Educate users as best you can. If there's sensitive data on your network, make sure only people who need access have access.
Assume that your network will be compromised. Have a strategy to restore things quickly when that happens.
Not to mention, it is a requirement for certain compliance that I am trying to meet :)
Tal
----- Original Message -----
From: "Gregory Boyce" <gregory.boyce@gmail.com>
To: "Worcester Linux Users Group" <wlug@mail.wlug.org>
Sent: Monday, January 18, 2010 3:47 PM
Subject: Re: [Wlug] Penetration Tester
I agree with most of what you're saying except I think you're mixing up vulnerability scanning with pen testing. A good pen tester will actually demonstrate the vulnerability and can find new issues in your custom web app code.
The one benefit of pen testing would be convincing decision makers that the steps you outlined are necessary.
That's certainly a legit reason. :)
What compliance requires penetration testing but doesn't specify what test suite to use?
Tal Cohen <wlug@cohen123.com> wrote:
Not to mention, it is a requirement for certain compliance that I am trying to meet :)
Tal
It actually is specified, I just didn't include it in the email.
Tal
PS PCI
----- Original Message -----
From: "Nick Nassar" <nassar@alum.wpi.edu>
To: "Worcester Linux Users Group" <wlug@mail.wlug.org>
Sent: Monday, January 18, 2010 4:51 PM
Subject: Re: [Wlug] Penetration Tester
That's certainly a legit reason. :)
What compliance requires penetration testing but doesn't specify what test suite to use?
Where can I find parts to build a PC based on PPC64? Really, I'd like to build something similar to the Xbox 360 for development purposes and for fun. It seems like it's impossible to find the parts though (at least with Google). Anyone know suppliers? If it's way out of price range I'll step out but I'd like to at least see where to get this stuff.
This is the hardware, generically: http://www.free60.org/Main_Page
Some of it needs specific type, such as the RAM, and etc. The video card could be any recent ATI HD I'm imagining. The motherboard for this would need PCI-extreme slots.
Yes I am aware it has been hacked with JTAG and all. I am not looking to hack mine. Just to build a similar machine for development where I'll run Linux and hopefully put together a complete (free, GPL) toolchain.
Thanks
-- Tatsh www.tatsh.net ddrtist@gmail.com
On 1/29/2010 9:25 AM, Tatsh wrote:
Where can I find parts to build a PC based on PPC64? Really, I'd like to build something similar to the Xbox 360 for development purposes and for fun. It seems like it's impossible to find the parts though (at least with Google). Anyone know suppliers? If it's way out of price range I'll step out but I'd like to at least see where to get this stuff.
This is the hardware, generically: http://www.free60.org/Main_Page
<SNIP> It's probably a lot cheaper to just find a used Intellistation Power machine. You can get them in multiproc configuration. I see them on ebay for a few hundred every now and then and I've seen them at the MIT flea for even cheaper, likely stripped though. Starting from scratch would be rough these days. I think the only other place to get 'inexpensive' boards for such a beast would be the amigaone crowd and there's no way it's going to be super cheap. They were trying to sell G3 and G4-based machines for ridiculous money a few years ago.
Thanks
Good hunting! soup
On Fri, 29 Jan 2010, Tatsh wrote:
Where can I find parts to build a PC based on PPC64? Really, I'd like to build something similar to the Xbox 360 for development purposes and for fun. It seems like it's impossible to find the parts though (at least with Google). Anyone know suppliers? If it's way out of price range I'll step out but I'd like to at least see where to get this stuff.
It doesn't qualify as "similar to the Xbox 360" or even PC-like, but there are a lot of fun ARM devices on the market these days, many of which are tiny and/or low power, if playing around with other architectures is your goal. SheevaPlug, for example: http://en.wikipedia.org/wiki/SheevaPlug Brian
:( That's a tall order, actually. The processor in the 360 was made by IBM especially for the 360 at M$'s request. The closest things you're going to find in terms of speed (not necessarily # of cores) is going to be systems based on the 970 (like the Mac G5 or certain IBM blade center boards) or systems based on the POWER6 which are generally only going to be found in IBM blade centers (js20 goes for around $500 on ebay, and the js22 goes for around $3,000 on ebay). Today, most PPC cores are found in embedded systems in things like wireless access points, mobile computing devices, routers, etc., and most of them are just 32 bit processors.
I've seen the G5s go for as little as $300 on ebay, too.
On Fri, Jan 29, 2010 at 9:25 AM, Tatsh <ddrtist@gmail.com> wrote:
Where can I find parts to build a PC based on PPC64? Really, I'd like to build something similar to the Xbox 360 for development purposes and for fun. It seems like it's impossible to find the parts though (at least with Google). Anyone know suppliers? If it's way out of price range I'll step out but I'd like to at least see where to get this stuff.
This is the hardware, generically: http://www.free60.org/Main_Page
Some of it needs specific type, such as the RAM, and etc. The video card could be any recent ATI HD I'm imagining. The motherboard for this would need PCI-extreme slots.
Yes I am aware it has been hacked with JTAG and all. I am not looking to hack mine. Just to build a similar machine for development where I'll run Linux and hopefully put together a complete (free, GPL) toolchain.
Thanks
-- Tatsh www.tatsh.net ddrtist@gmail.com
Wow, POWER6 is expensive. Looks like if I want this sorta thing my best bet is getting the actual XDK hardware (they are not 100% rare; I've seen several for sale on Scenyx forums).
Still, I think I am definitely getting that SheevaPlug. I'll turn that into my proxy server (which I currently use a big, power-hungry desktop for).
Thanks for the help guys.
On 29 January 2010 13:48, Adam Gomes <adam@unixgeek.net> wrote:
:( That's a tall order, actually. The processor in the 360 was made by IBM especially for the 360 at M$'s request. The closest things you're going to find in terms of speed (not necessarily # of cores) is going to be systems based on the 970 (like the Mac G5 or certain IBM blade center boards) or systems based on the POWER6 which are generally only going to be found in IBM blade centers (js20 goes for around $500 on ebay, and the js22 goes for around $3,000 on ebay). Today, most PPC cores are found in embedded systems in things like wireless access points, mobile computing devices, routers, etc., and most of them are just 32 bit processors.
I've seen the G5s go for as little as $300 on ebay, too.
While NOT PPC64, the Beagle board (beagleboard.org) looks pretty damn cool. The processor is an ARM Cortex. They -claim- laptop like performance (whatever that means...)
Later, Tim.
On Sat, Jan 30, 2010 at 7:34 AM, Tatsh <ddrtist@gmail.com> wrote:
Wow, POWER6 is expensive. Looks like if I want this sorta thing my best bet is getting the actual XDK hardware (they are not 100% rare; I've seen several for sale on Scenyx forums).
Still, I think I am definitely getting that SheevaPlug. I'll turn that into my proxy server (which I currently use a big, power-hungry desktop for).
Thanks for the help guys.
-- I am leery of the allegiances of any politician who refers to their constituents as "consumers".
participants (9)
- Adam Gomes
- Brian Conway
- Gregory Boyce
- Karl Hiramoto
- Nick Nassar
- soup
- Tal Cohen
- Tatsh
- Tim Keller