On Tue, 2007-05-29 at 12:53 -0400, George Imburgia wrote:
On Tue, 29 May 2007, Matthew Black wrote:
What would you do if a major US computer security firm attempted to hack your site's servers and networks? Would you tell the company or let their experts figure it out?
I'd hold a very public discussion on the matter.
Just a few words of caution.... First make sure that it is a hack, and not just a ping or SMTP test because they are trying to deliver you email. I did ask for a definitive of what the OP meant by hack, but haven't seen anything yet. Secondly, make sure that no one else in your company authorized this. A lot of companies do pay outside agencies to test their security. Security Audits are notorious for being requested by the corporate Financial personnel, and those are the same folks that the networking dept communicates the least with (IMHO). Finally, is it possible that the "hack" was planned behavior or a well intended mistake? Years ago, others at $DAYJOB, received customer provided configuration files to try an emulate a customer problem. All sorts of interesting traffic left our network and hit the customers, after all their configs had all their IPs listed. The customer's security department (left hand) called the FBI simply because they didn't know what their own network department (right hand) was asking $DAYJOB to do. -Jim P.