Penetration Test Assistance

Tue Jun 5 16:09:51 UTC 2012

On 6/5/12 07:52 , Green, Timothy wrote:
> Howdy all,
> 
> I'm a Security Manager of a large network, we are conducting a
> Pentest next month and the testers are demanding a complete network
> diagram of the entire network.  We don't have a "complete" network
> diagram that shows everything and everywhere we are.  At most we have
> a bunch of network diagrams that show what we have in various areas
> throughout the country. I've been asking the network engineers for
> over a month and they seem to be too lazy to put it together or they
> have no idea where everything is.
> 
> I've never been in this situation before.  Should I be honest to the
> testers and tell them here is what we have, we aren't sure if it's
> accurate;  find everything else?  How would they access those areas
> that we haven't identified?   How can I give them access to stuff
> that I didn't know existed?
> 
> What do you all do with your large networks?  One huge network
> diagram, a bunch of network diagrams separated by region, or both?
> Any pentest horror stories?

Logical diagrams tend to elide the information consider unnecessary for
them to be suitably informative.

An ethernet switch with 560 network segments radiating out from it may
be accurate but not all that easy to parse or use.

Documentation needs to be sufficiently accurate and appropiate to the
tasks at hand, so it may be that you don't have what you need or perhaps
you do.

> Thanks,
> 
> Tim
> 
> ________________________________ This e-mail and any attachments are
> intended only for the use of the addressee(s) named herein and may
> contain proprietary information. If you are not the intended
> recipient of this e-mail or believe that you received this email in
> error, please take immediate action to notify the sender of the
> apparent error by reply e-mail; permanently delete the e-mail and any
> attachments from your computer; and do not disseminate, distribute,
> use, or copy this message and any attachments.
> 