Date:      Mon, 15 May 2006 17:15:32 -0400
From:      Charles Swiger <cswiger@mac.com>
To:        TRODAT <technical@ultratrends.com>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Security Testing on Production Systems
Message-ID:  <4D0ECFC4-7168-4CB8-A9EB-54C9A51D9EB3@mac.com>
In-Reply-To: <20060515145152.V46728@server1.ultratrends.com>
References:  <20060515145152.V46728@server1.ultratrends.com>

On May 15, 2006, at 4:54 PM, TRODAT wrote:
> This is a hot topic as of late where I work:
>
> Once a system has gone into 'production' should testing,  
> specifically security, be done on it if the system could be broken  
> by the test itself?
>
> What is your take on this issue and why?

Yes, although you should schedule possibly intrusive or disruptive  
security/pentesting for an appropriate time where you can afford to  
recover from any problems which occur.

Most systems which fail under testing have sufficient issues that  
they fail under some naturally-occurring load conditions.  Backups  
are your friends.

-- 
-Chuck



