However, remote penetration testing does have it's Pro's, It saves the
customer travel time and the expenses
associated. It is always good to investigate who you are dealing with,
and to at least see someone face to face to talk about non-disclosure
agreements and that sort of thing. I have had an incident in which the
roles where switched, the customer was not legitimate and wanted me to
attack a legitimate company. Beware who you do business with and how. I
have learned one thing and that is security is not inherently safety.
Matthew F. Caldwell - Security Analyst
Visionary Corporate Computing Concepts (VC3)
Email: matt .
Company Web: http://www.vc3.com/
Personal Web: http://www.vc3.com/~caldwm
Office Phone: 803-733-7333
>From: Frank Willoughby[SMTP:frankw @
>Sent: Wednesday, December 31, 1997 11:08 PM
>To: James Terry
>Cc: firewalls @
>Subject: Re: firewall audit service referral
>At 11:14 AM 12/31/97 -0800, James Terry <james @
>>could anyone recommend a good firewall testing service?
>It depends on what you are looking for.
>Fortified Networks does firewall testing for customers (corporations,
>FNITL is an independent test laboratory for testing firewalls & other
>The most frequent testing performed are Quality Assurance Tests of Internet
>& other InfoSec products - primarily for vendors, etc.
>Beware of any organizations which will perform a remote firewall
>This is an inherently dangerous practice which has the potential of leading
>to their next victims.
>The opinions of the author of this mail may not necessarily be
>representative of the opinions of Fortifed Networks, Inc.
>Fortified Networks, Inc. - http://www.fortified.com/
>Home of the Free Internet Firewall Evaluation Checklist
>Expert (vendor-neutral) Computer and Network Security Solutions
>Phone: (317) 573-0800 Fax: (317) 573-0817