Good cert/company review

SephStorm Member Posts: 1,731
I found this over at EHNet, thought you guys might be interested. I'm really glad I found it.

The Ethical Hacker Network - Infosec Institute & Intense School

Comments

  • [Deleted User] Senior Member Posts: 0
    +1 this type of stuff makes me giddy. This is the stuff that excites me but I don't know if I will ever pursue these types of certifications. I guess maybe because I'm still pretty low on the rung but eventually when I get the fundamentals of everything down I will want to dive into this crazy/awesome world.
  • SephStorm Member Posts: 1,731
    I know the feeling. :)

    Today I was talking to one of my managers about Symantec/Norton. He said he'd give me his IP and have me try, and I said I am not familiar with attacking from the outside. He was surprised of course, and I told him I wanted to learn SysAdmin work before I get too deep into exploitation. So hopefully by December, I will be open to hitting security hard.
  • LukeQuake Member Posts: 579
    SephStorm wrote: »
    I know the feeling. :)

    Today I was talking to one of my managers about Symantec/Norton. He said he'd give me his IP and have me try, and I said I am not familiar with attacking from the outside. He was surprised of course, and I told him I wanted to learn SysAdmin work before I get too deep into exploitation. So hopefully by December, I will be open to hitting security hard.

    Be VERY careful here, don't 'have a go' at attacking your Manager's network/home machine just because he said you could.


    These types of ethical hacks/vulnerability assessments should only ever take place if there is detailed signed documentation in place stating exactly what you are and aren't allowed to do, and even then only by companies with the relevant certified professionals carrying out these assessments. Never carry out these attacks over the internet from your own personal machine; doing so or attempting to will get your IP blacklisted/flagged fairly quickly (unless you really know what you are doing). Security testing companies will have specific ISP agreements in place allowing these tests to be carried out.

    Feel free to carry out testing / learn more about ethical hacking etc but keep it to your own closed private network.
  • JDMurray Admin Posts: 13,101
    Also realize that when you sign a contract with an ISP, you are not buying your IP address and public network presence, you are only leasing it. This means that the typical ISP customer does not have the sole authority to allow a pen test to be conducted against their network from the Internet. Permission must first be obtained from the ISP to run any pen test against any host or network connected to it.
  • SephStorm Member Posts: 1,731
    I have no intention of pentesting over the internet without written authorization, or in my case, the experience to know what I'm doing.

    I did find it interesting what JD said. I would bet that most companies don't have such a clause in their ISP contract.
  • GAngel Member Posts: 708
    SephStorm wrote: »
    I have no intention of pentesting over the internet without written authorization, or in my case, the experience to know what I'm doing.

    I did find it interesting what JD said. I would bet that most companies don't have such a clause in their ISP contract.

    Most ISPs would never give a company that kind of right.
  • LukeQuake Member Posts: 579
    GAngel wrote: »
    Most ISPs would never give a company that kind of right.

    As long as you are with a decent business ISP, contacting them to obtain an 'OK' before the pentest is carried out by the security firm is usually fine. They just like to be kept in the loop.

    It also depends on how 'skilled' the tester is. If they are just flooding the range of target IPs and filling up the session tables on the ISP's routers, they will be quickly locked out at network level by DoS filters.

    This can potentially lead to missed results etc.

    I strongly suggest using an accredited ethical hacking / IT Security firm. I’d be happy to share some details of my contacts with you via PM.