Monday, January 05, 2009

What I do for a living (The Not-So-Good)

There are always those times when you simply hate some of the projects. I am sure some of you know what I am talking about. Usually these are projects where the difficulties do not come from the technical aspect of hacking. For example, take a company where there is a fight between internal audit and the IT department. IA always knew IT was up to something that breaks compliance, but there is fierce resistance to the audit. This is one case where an external auditor is called in to do the dirty work. Well, not that IT will give these guys any better days, but it creates an opportunity to weed out those skeletons in the closets. Sometimes, this type of assignment can be nightmarish, especially if it is not supported from the top by the CIO / CEO etc.

In another case, the person or group you are auditing or hacking against is simply against you and refuses to cooperate in any way. This is not as bad because usually in these situations, you are called in by a higher power to pull out these holes. As long as the higher power gives you the authority, many things are simply not a big issue. For example, network access. If the IT department refuses to tell you what network and how to connect, there is always Wireshark to sniff out the segment and probably guess the gateway etc. In 5 minutes you will be in. Usually this situation can be solved using technical means.

There is yet another situation in my daily work which I really hate. And to be fair, it happens because nothing is perfect. That is crashing the network / server during the testing. While it is highly desirable to avoid this situation, it is not within our power to ensure it never happens. Some legacy switches or poorly designed servers will simply die even with a few pings. If you have a great team to support you, that would be good. Otherwise, there will be lots of finger pointing and flaming going on that actually prevents you from doing your job. But to be honest, if the network cannot survive reasonable scanning or hacking attempts, this should be viewed as an audit failure because some other day, it won't be you crashing the resource. And these other guys will not be so easy and nice.


Copyright © 2008, All rights reserved.