Date:      Mon, 15 May 2006 14:27:17 -0700
From:      "Atom Powers" <atom.powers@gmail.com>
To:        "Charles Swiger" <cswiger@mac.com>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>, TRODAT <technical@ultratrends.com>
Subject:   Re: Security Testing on Production Systems
Message-ID:  <df9ac37c0605151427k1a44e172k5b8152ab5f3c5f7b@mail.gmail.com>
In-Reply-To: <4D0ECFC4-7168-4CB8-A9EB-54C9A51D9EB3@mac.com>
References:  <20060515145152.V46728@server1.ultratrends.com> <4D0ECFC4-7168-4CB8-A9EB-54C9A51D9EB3@mac.com>

On 5/15/06, Charles Swiger <cswiger@mac.com> wrote:
> On May 15, 2006, at 4:54 PM, TRODAT wrote:
> > This is a hot topic as of late where I work:
> >
> > Once a system has gone into 'production' should testing,
> > specifically security, be done on it if the system could be broken
> > by the test itself?
> >
> > What is your take on this issue and why?
>
> Yes, although you should schedule possible intrusive or disruptive
> security/pentesting for an appropriate time where you can afford to
> recover from any problems which occur.
>
> Most systems which fail under testing have sufficient issues that
> they fail under some naturally-occurring load conditions.

And even if you are not running the tests, there is a good chance
somebody out there is. I'm sure you would much rather crash your
system under controlled conditions than wait for some kiddie to do it
for you.

> Backups
> are your friends.

Your best friends. (but that @#$% mechanical arm on the tape library...)


-- 
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--


