Top ten tips to make attackers’ lives hell
I run a lot of penetration testing exercises against client networks and systems. A lot of the time, testing is relatively straightforward, as the network administrator is not filtering ICMP traffic, and my network scans are not proactively blocked. I love this type of testing, as it's easy and quick to undertake.
What I don't like, however, is when security-conscious administrators lay down a number of hurdles between me and the target systems. In these situations, a test that would usually take two days to undertake now takes a week's worth of my time! By laying down such hurdles, you can force attackers (and security consultants) to go to much more effort in trying to map your networks, identify services, and applications, and effectively attack and compromise them.
By Chris McNab at O'Reilly.
[ Read more ]