SRX

 View Only
last person joined: 19 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Penetration Testing - Interpreting the Tester's Request

  • 1.  Penetration Testing - Interpreting the Tester's Request

    Posted 09-18-2021 20:09
    We are using the SRX340 as our primary security device.  We have engaged a 3rd party to do some parts of penetration testing.  They have asked for this:
    Email Social Engineering
    IMPORTANT NOTE: In order to ensure successful delivery of phishing emails, you must whitelist the below
    IP address on any content filtering, content monitoring, or SPAM filtering system(s) that your company
    utilizes. Improper or incomplete whitelisting of these IP addresses could result in incorrect or inaccurate
    test results.
    IP Addresses to Whitelist:
    xxx.xxx.xxx.xxx

    Now, we do have a whitelist for Web Filtering.  However, we have incomplete insight into what other mechanisms might be in use.
    For example, we know that WebFiltering uses undisclosable 3rd party lists that are dynamic.
    But this request isn't about blocking outgoing Web accesses. 
    So, I'm wondering about other things like incoming email filtering in this case.