2010/11/15 Máirín Duffy <duffy@xxxxxxxxxxxxxxxxx>:
> On Mon, 2010-11-15 at 11:39 -0500, Eric "Sparks" Christensen wrote:
>> Basically we are protecting ourselves from hackers that can't build
>> from source. We are also preventing IT professionals who want to just
>> yum install a package instead of taking the time to build from source.
>
> Are there IT professionals who use SQLninja?

I know of some. In a former job, I would probably have used it if it
was required to meet the parameters of a test. In general there are at
least 4 fields in which these sorts of tools are used:

1) Audit work. This is penetration testing to meet the requirements of
an audit. Does the group protect the data from easily acquired tools?

2) Red Team. This usually goes beyond audit requirements in that you
have been given a "Get out of Jail" card to see what you can acquire
and how long it takes for the "Blue Team" to respond. Usually had to do
this once a year per group.

3) Blue Team. This is where you are getting ready for a Red/Tiger team
visit and want to know how bad things are and what you need to deal
with.

4) Cleanup. System break-ins will happen no matter how well you defend
your bunker. Knowing what the tools do, where they leave tracks, and
what could be affected are all needed.

The tool SQLninja does not meet the #1 type rule. It does meet 2,3,4
types as it will be on every auditor's USB boot key. However for #2/#3
there are legal/financial risks that the auditor must take upon
themselves (and the management that OKs such 'tests'). I am not a
lawyer and not versed on whether such risks are passable to the
distributor or not. For #4, you run these tools in a 'cleanroom' to see
what you can find out about what people are using.

The attacks that sqlninja uses are not 0 day ones. They are ones that
if you pay for various licenses you can get for nessus/metasploit/russian
mob.

--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren
_______________________________________________
advisory-board mailing list
advisory-board@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/advisory-board