
Re: whitehat to test a security config



hi ya alex

On Mon, 31 Oct 2005, alex black wrote:

i'm gonna skip the offlist part and raise some questions/comments 
just because it's a fun topic to cover and see other folks' comments
and philosophy
	- there will never be "one solution for 2-3 people" but will
	be all different solutions maybe even totally different for each

> I would provide:
> 	-an IP address
> 	-a username & password
> 
> I would want: 
> 	-an attack based on knowing the IP address _only_
> 	-an attack knowing the IP + username & password I provide
> 	-a report on findings, with a limited overview of techniques and tools 
> used.

let's start with "limited overview tools and techniques" for
general security issues ( applies to crackers and defenders )

- top 25 security tools
	http://www.insecure.org/tools.html

- top 20 security boo-boos
	http://www.sans.org/top20/

	if you have one of those "apps" in your project, you'd probably
	want to read a lot more about its problems and patches

- to break into a box ... 
	i'm guessing/claiming you want to use "exploit tools" 

- and we'll save the other gazillion googleplex of other security options
  to consider for later too

with your "white hat test scenario", 
that will just show that say, a "generic person" cannot login
with uid/pwd ... fairly trivial to stop ...  ( a "1 min" solution )

stopping ssh login, or using uid/pwd doesn't prevent others
from getting into your machines using some other vulnerability
and exploit tools designed to break into the boxes

	- i guess i don't understand why knowing the uid/pwd is
	important to know when doing a "security test", why use
	that restriction for the "security tests"

script kiddies "tools" are just that, meant for the low lying fruits
due to the sheer number of machines out there for ez hits

---- 

questions for you

- what else is in the goals for the security test, where i'm not
  using audit, pen-test, assessments and other "security words"

- what is the consequence if some whitehat/grayhat/blackhat/malicioushat
  does get into the box, what is the process/procedure/consequences
  and follow up costs to cleanup vs shutdown/change the product line

c ya
alvin


