• sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    arrow-up
    141
    ·
    7 days ago

    I’m pretty lazy, but I’d at least run a port scan so I have something to submit in a report. That takes a few minutes to run and can be scheduled to run daily so there’s something in their logs.

    That said, our audits always turn up something new (usually benign), so I’d be very suspicious of an “all clear” result.

    • Elvith Ma'for@feddit.org
      link
      fedilink
      arrow-up
      32
      ·
      7 days ago

      Also, even without a prior pentest the admins should have a rough idea where problems areas are (or maybe even know them for a fact but cannot completely patch/disable them to not lock out legacy systems or so). A completely empty report would definitely raise suspicions