Security Testing on Production Systems
Atom Powers
atom.powers at gmail.com
Mon May 15 14:27:31 PDT 2006
On 5/15/06, Charles Swiger <cswiger at mac.com> wrote:
> On May 15, 2006, at 4:54 PM, TRODAT wrote:
> > This is a hot topic as of late where I work:
> >
> > Once a system has gone into 'production' should testing,
> > specifically security, be done on it if the system could be broken
> > by the test itself?
> >
> > What is your take on this issue and why?
>
> Yes, although you should schedule possible intrusive or disruptive
> security/pentesting for an appropriate time where you can afford to
> recover from any problems which occur.
>
> Most systems which fail under testing have sufficient issues that
> they fail under some naturally-occurring load conditions.

And even if you are not running the tests, there is a good chance
somebody out there is. I'm sure you would much rather crash your
system under controlled conditions than wait for some kiddie to do it
for you.

> Backups
> are your friends.

Your best friends. (but that @#$% mechanical arm on the tape library...)

--
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
More information about the freebsd-questions mailing list