Before we start any engagement, we like to go over a document that lists all of the Rules of Engagement (ROE) for the upcoming penetration test. We cover things like making sure you have approval from your cloud provider, when status updates will be sent to the client, and how time-sensitive and critical issues we discover will be handled. Most of these, as you would expect, go over without many questions. However, one of the ROE items we discuss that usually gets a fair amount of conversation is a list of our IP addresses for whitelisting in your intrusion prevention system (IPS). After all, many clients want to know why they should whitelist the pentester's IP address. Isn't that cheating? After all, you wouldn't whitelist a hacker's IP address, right? And to be clear, I can see where this is coming from. There are several reasons why you should whitelist the pentester's IP address.

I don't want to gloss over this in case someone reading this isn't entirely sure what we're talking about at this point. Whitelisting, in general, is to allow something by exception where everything is denied by default. Oftentimes, this is used in the context of a firewall, for example, where certain traffic is allowed to enter your network through a whitelist approach and all other traffic is blocked. If an IPS identifies malicious network traffic, it will block the sender's IP address from communicating with the hosts it is protecting for some period of time. So we request that you whitelist our testing IP addresses in your IPS device, such that malicious activity it detects from us will be logged but our IP address will never be blocked. Let's discuss the reasons why you should whitelist the pentester's IP address, and then discuss some workarounds.

Reasons to Whitelist the Pentester's IP Address

1. The main reason why you should whitelist the pentester's IP address comes down to time. An attacker, especially a smart and/or dedicated attacker, is going to take their time and only try a few things a day to avoid detection. After all, if they get caught, they are worried about going to jail. Penetration tests, by contrast, are sold primarily by the number of hours it will take to complete. Additionally, the pentester is trying to abide by a schedule that has been set and agreed to. Because of this, the pentester is usually not worried about being noisy; they are more worried about finding all the vulnerabilities on your network in a set amount of time. Naturally, the noisier the attacks that are launched, the more likely your IPS will detect them and block our IP address.
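The whitelisting request described above ("logged but never blocked") can be modelled as follows. This is an added example, not code from the original post or from any IPS product. The addresses, dates and function names are constructed, and tying the exemption to the agreed test window is an assumption added here.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed sample values: documentation-range addresses and made-up dates.
# Assumption: each exemption is limited to the agreed test window.
ALLOWLIST = [
    {"net": ipaddress.ip_network("203.0.113.16/30"),
     "start": datetime(2024, 3, 4, tzinfo=timezone.utc),
     "end": datetime(2024, 3, 15, tzinfo=timezone.utc)},
]


def is_allowlisted(src, when):
    """True if src is in an allowlisted range while its test window is open."""
    addr = ipaddress.ip_address(src)
    return any(addr in e["net"] and e["start"] <= when < e["end"]
               for e in ALLOWLIST)


def handle_detection(src, signature, when, blocked):
    """Process one IPS detection. Every detection is logged (returned as a
    record); the source joins the blocked set only if it is not exempt."""
    exempt = is_allowlisted(src, when)
    if not exempt:
        blocked.add(src)
    return {"time": when.isoformat(), "src": src, "signature": signature,
            "action": "log-only" if exempt else "block"}


if __name__ == "__main__":
    blocked = set()
    during = datetime(2024, 3, 6, 14, 0, tzinfo=timezone.utc)
    after = datetime(2024, 3, 20, 9, 0, tzinfo=timezone.utc)
    events = [
        ("203.0.113.17", "sql-injection-attempt", during),  # tester, window open
        ("198.51.100.9", "sql-injection-attempt", during),  # unknown source
        ("203.0.113.17", "port-sweep", after),              # tester IP, window closed
    ]
    for src, sig, when in events:
        print(handle_detection(src, sig, when, blocked))
    print("blocked:", sorted(blocked))
```

The tester's traffic still produces a log record for every detection, so the client can review afterwards what the IPS would have caught.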