Consolidated Business & Enterprise Computing Rant Thread

Discussion in 'Business & Enterprise Computing' started by elvis, Jul 1, 2008.

  1. EvilGenius

    EvilGenius Member

    Joined:
    Apr 26, 2005
    Messages:
    10,265
    Location:
    Rocky
    I don't think he really needs to start worrying until he loses an argument with himself.
     
  2. Perko

    Perko Member

    Joined:
    Aug 12, 2011
    Messages:
    3,936
    Location:
    NW Tasmania
    But which one is the real elvis?
    Or is it more that Luke212 fights to the death?
     
  3. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    7,174
    Location:
    Briz Vegas
    YAY audit day today, being asked obligatory why is port 22 open AGAIN... fuck muppets!
     
  4. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    7,174
    Location:
    Briz Vegas
    Tyler Durden
     
  5. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    36,318
    Location:
    Brisbane
    After being told to turn off all ICMP in our network (yes, internally), I asked the auditor if he could give me a list of exploits that backed up his concern for ICMP being allowed internally.

    He just looked at me blankly, and said "but it says here on my list..."

    #JustAuditorThings
     
    Daemon, phrosty-boi, DavidRa and 2 others like this.
  6. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    11,995
    Location:
    Canberra
    Ping is power!
    (and it's a car analogy too)
     
    wazza likes this.
  7. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    7,174
    Location:
    Briz Vegas
And that my friend is the same fucken answer I got, but I did get a win after 14 months of being told OpenVPN couldn't be installed on Windows laptops, we can now use OpenVPN officially. ;)
     
  8. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    5,572
    Location:
    NSW
You should ask him to explain what ICMP stands for and when he can't, explain that you're very offended and are making a report to HR..... just for shits and giggles.
     
  9. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,012
    Location:
    Brisbane
Heck, I had to google what the acronym stood for again, as it has been long forgotten and I only need to understand its purpose and function.
     
    NSanity likes this.
  10. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    7,174
    Location:
    Briz Vegas
  11. Perko

    Perko Member

    Joined:
    Aug 12, 2011
    Messages:
    3,936
    Location:
    NW Tasmania
    Just do everything they say and then make them man the phones for a couple of days.
     
  12. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    7,174
    Location:
    Briz Vegas
    Yeah... no!
I built a product to a specification and nowhere in the specification did it say I needed to comply with a dumbass bullshit audit that cannot justify why things are done that way because all they know is muppet Windows land. It's just internal politicking: someone who has been a hindrance wants to now feel included because the project is green-lit for commercial.
     
  13. Cape_Horn

    Cape_Horn Member

    Joined:
    Dec 23, 2001
    Messages:
    2,327
    Location:
    Shooting Baker
  14. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,426
    Location:
    qld.au
    9 years and I still haven't seen a pen test nor vuln test worth the cost of running it. All have been top and tailed, automated scans with no comprehension of what the report means. I just charge customers to review them now, so that's a win.
     
    elvis likes this.
  15. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    11,995
    Location:
    Canberra
Actual pen/vuln testing is hard and requires skills.

The noobs the consultancy giants send out are neither. They are expensive though.
     
  16. caspian

    caspian Member

    Joined:
    Mar 11, 2002
    Messages:
    10,015
    Location:
    Melbourne
The last pen test report I read impressed the hell out of me with the lengths they went to.
     
  17. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    7,012
    Location:
    Brisbane
    I want to get a test done, however it requires the buy in from our U.S and EU offices - I want physical access attempted as well.

Head office's argument is that they know we are not all secure/hardened, so let's get to a point where we think we are secure and then test. My counter argument is that we don't know how insecure we really are, so we may be focusing on securing a low to medium risk issue while we are ignoring simple high risk issues. From a network point of view I think we are good, but again, you don't know what you don't know.
     
  18. millsy_c

    millsy_c Member

    Joined:
    Mar 31, 2007
    Messages:
    12,655
    Location:
    Brisbane
I mean, like, you can ICMP tunnel, but there are ways you can mitigate that too.
https://en.wikipedia.org/wiki/ICMP_tunnel
Yeah, the bolded bit is where a lot of people screw up, in my experience. If nothing else, if you're investing x dollars into a program, what's the harm of getting some competent testers in to let you know if the focus is good?
     
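The ICMP-tunnel point above (and elvis's "show me the exploits for internal ICMP" exchange earlier) is the kind of thing an auditor's checklist answers with "block it all", when the practical mitigation is to keep echo working and flag payloads that do not look like a ping client. The script below is an added example, not code from this thread or from any of the posters: it parses raw ICMP echo packets, verifies the RFC 1071 checksum, and scores each payload on size, entropy and whether it matches a stock ping client's fill pattern. The sample packets are constructed inline; the size/entropy thresholds and the `ICMPTUNNEL_SCORE` cut-off are assumptions to tune per environment, as is the assumed iputils/Windows fill pattern used for the "stock ping" check.

```python
"""Heuristic triage of ICMP echo payloads for covert-tunnel indicators.

Added example (not from the thread). It shows the check a NIDS rule or a pcap
triage script applies instead of blanket-blocking internal ICMP: oversized,
high-entropy or non-standard echo payloads are flagged; normal pings are not.
All sample packets below are constructed for this example.
"""
import hashlib
import math
import struct
from collections import Counter

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0

# Assumed stock client fills: Windows ping sends this 32-byte string; iputils
# ping fills byte i with value i and overwrites the first 8 or 16 bytes with a
# timestamp, so the visible tail is the incrementing 0x10, 0x11, ... pattern.
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"

MAX_BENIGN_PAYLOAD = 64    # assumption: bytes; iputils default is 56, Windows 32
ENTROPY_THRESHOLD = 6.0    # assumption: bits/byte (text ~4.5, encrypted ~7.9)
ICMPTUNNEL_SCORE = 2       # assumption: indicators needed before we alert


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over header + payload."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(payload: bytes, ident: int = 0x1234, seq: int = 1,
               icmp_type: int = ICMP_ECHO_REQUEST) -> bytes:
    """Assemble an ICMP echo packet (8-byte header + payload) with a valid checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Split an ICMP packet into header fields and payload; verify the checksum.

    Summing a packet that carries a correct checksum folds to 0xFFFF, so the
    complemented result is 0 exactly when the checksum is valid.
    """
    if len(packet) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload": packet[8:], "checksum_ok": icmp_checksum(packet) == 0}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_like_default_ping(payload: bytes) -> bool:
    """True if the payload matches the assumed Windows or iputils fill pattern."""
    if payload == WINDOWS_PING_PAYLOAD:
        return True
    for ts_len in (8, 16):  # timeval size on 32-bit / 64-bit builds
        if len(payload) > ts_len and payload[ts_len:] == bytes(
                i & 0xFF for i in range(ts_len, len(payload))):
            return True
    return False


def classify_echo(packet: bytes) -> dict:
    """Score one echo packet; 'suspicious' is True at ICMPTUNNEL_SCORE indicators."""
    fields = parse_icmp(packet)
    if fields["type"] not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        return {**fields, "entropy": 0.0, "suspicious": False, "reasons": []}
    payload = fields["payload"]
    ent = shannon_entropy(payload)
    reasons = []
    if not fields["checksum_ok"]:
        reasons.append("bad checksum")
    if len(payload) > MAX_BENIGN_PAYLOAD:
        reasons.append("oversized payload (%d bytes)" % len(payload))
    if ent > ENTROPY_THRESHOLD:
        reasons.append("high-entropy payload (%.2f bits/byte)" % ent)
    if not looks_like_default_ping(payload):
        reasons.append("payload is not a stock ping fill pattern")
    return {**fields, "entropy": ent, "reasons": reasons,
            "suspicious": len(reasons) >= ICMPTUNNEL_SCORE}


def triage(packets: dict) -> list:
    """Return the names of packets that trip the tunnel heuristic."""
    return [name for name, pkt in packets.items() if classify_echo(pkt)["suspicious"]]


# Constructed samples: two normal pings, a small plaintext tunnel frame and an
# encrypted-looking one (deterministic pseudo-random bytes from SHA-256).
SAMPLE_PACKETS = {
    "windows_ping": build_echo(WINDOWS_PING_PAYLOAD),
    "linux_ping": build_echo(b"\x00" * 16 + bytes(range(16, 56))),
    "tunnel_plaintext": build_echo(b"GET /secrets HTTP/1.1\r\nHost: intranet\r\n\r\n".ljust(56, b" ")),
    "tunnel_encrypted": build_echo(b"".join(hashlib.sha256(bytes([i])).digest() for i in range(40))),
}

if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        verdict = classify_echo(pkt)
        print("%-17s suspicious=%-5s %s" % (name, verdict["suspicious"], "; ".join(verdict["reasons"])))
```

The plaintext 56-byte frame deliberately scores only one indicator and is not flagged: a small, low-entropy tunnel looks like an odd ping client, and catching it needs volume and timing context (echo rate per host, request/reply size asymmetry) that a single-packet rule cannot give. That is still a far better conversation to have with an auditor than "turn off ICMP internally".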
  19. OP
    OP
    elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    36,318
    Location:
    Brisbane
    I've seen one mob ever who were worth it. It was when I was working for finance. They charged like a wounded bull, but their test was a full blown "break in to a targeted system and steal valuable things" test, which they did, reported professionally, and then helped us fix.

    But yeah, that was literally once ever in 20+ years and hundreds (shit, thousands?) of audits. Every other mob I deal with does the "Nessus scan and print" trick, but to be fair a lot of businesses won't pay for more, because they're not required to.
     
    Daemon likes this.
  20. tensop

    tensop Member

    Joined:
    Mar 26, 2002
    Messages:
    1,388
    IT's version of test and tag
     
    phrosty-boi, Daemon, mooboyj and 7 others like this.