Date: Mon, 15 May 2006 14:27:17 -0700
From: "Atom Powers" <atom.powers@gmail.com>
To: "Charles Swiger" <cswiger@mac.com>
Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org>, TRODAT <technical@ultratrends.com>
Subject: Re: Security Testing on Production Systems
Message-ID: <df9ac37c0605151427k1a44e172k5b8152ab5f3c5f7b@mail.gmail.com>
In-Reply-To: <4D0ECFC4-7168-4CB8-A9EB-54C9A51D9EB3@mac.com>
References: <20060515145152.V46728@server1.ultratrends.com> <4D0ECFC4-7168-4CB8-A9EB-54C9A51D9EB3@mac.com>

On 5/15/06, Charles Swiger <cswiger@mac.com> wrote:
> On May 15, 2006, at 4:54 PM, TRODAT wrote:
> > This is a hot topic as of late where I work:
> >
> > Once a system has gone into 'production' should testing,
> > specifically security, be done on it if the system could be broken
> > by the test itself?
> >
> > What is your take on this issue and why?
>
> Yes, although you should schedule possible intrusive or disruptive
> security/pentesting for an appropriate time where you can afford to
> recover from any problems which occur.
>
> Most systems which fail under testing have sufficient issues that
> they fail under some naturally-occurring load conditions.

And even if you are not running the tests, there is a good chance
somebody out there is. I'm sure you would much rather crash your
system under controlled conditions than wait for some kiddie to do it
for you.

> Backups
> are your friends. Your best friends.

(but that @#$% mechanical arm on the tape library...)

--
--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--