Comments on TaoSecurity Blog: Follow-Up to Donn Parker Story
Blog author: Richard Bejtlich (http://www.blogger.com/profile/13512184196416665417)
Feed updated: 2023-10-16T06:06:25.012-04:00

Comment by Richard Bejtlich (https://www.blogger.com/profile/13512184196416665417), 2006-06-05T13:59:00.000-04:00

Steven,

1. I can differentiate among pen testers after talking to them for 30 mins or less. More formally, as part of your selection criteria, have candidates complete one or more exercises to vet their skill levels. I have participated in such exercises.

2. Re detection -- easy: Time for a pen testing team of [low/high] skill with [external/internal] access to obtain [stealthy/semi-stealthy/unstealthy] unauthorized access to a specified asset using [public/custom] tools and [zero/complete] target knowledge.

3. The term "specified asset" answers your "what was compromised" comment.

Comment by Anonymous, 2006-06-05T12:26:00.000-04:00

The problem with the first measurement is that there is no objective way to grade pen testers as having high or low skill. You can't grade them by years of experience or college degrees.

The second measurement runs against the first. A successful penetration will occur more quickly if the attacker(s) simply disregard detection--of course, there is the caveat that they could get discovered before they get access. If the attacker's goal is to not be detected, he should proceed very slowly and carefully, generating only a minimum amount of traffic and spreading his activities over a longer period of time to avoid triggering various alert thresholds.

The time taken to contain and remove an intruder will depend on what was compromised, which doesn't make this measurement very useful for comparison.