
Re: Anyone could help with a penetration test ?

On Thu, 17 Mar 2005, Bob Alexander wrote:

> Any well known decent inhabitant of this honoured list could spare a few 
> minutes of his precious time and perform an nmap/nessus scan of my machine ?

doing an nmap/nessus scan is easy ??

interpreting it and risk analysis is way trickier 

- a silly question:
	- what is the purpose of the pen test ??
	- what kind of action will be taken as a result of it ?

free online nmap/nessus scanners and offline ones too

	http://www.Linux-Sec.net/Audit/nmap.test.gwif.html
 
	- nmap says port25 is open on your mail server .. now what
	- nmap says port80 is open on your web server .. now what
 	- nmap says port53 is open on your dns server .. now what

	( use the latest sources/binaries for each major service )

	- if the machine is 1 yr or 3 yr old, it has probably passed
	the "real world (security) test" of time

		- is it time to change and upgrade  or leave it alone
		for another year or 3

other (free) online audits... 

	are pen tests the same as audits ? since nmap/nessus was mentioned,
	for now, it is the "same", even if it's way different

	- real world audits, you're constantly bombarded by the script
	kiddies

	http://www.Linux-Sec.net/DNS/#Testing

	http://www.Linux-Sec.net/Web/#Testing

	http://www.Linux-Sec.net/Mail/OpenRelay

	http://www.Linux-Sec.net/Firewall/Testing

	http://www.Linux-Sec.net/Audit/Tools.fs  ( file system tests )

	http://www.Linux-Sec.net/Audit/Tools.sw ( software audits )
 

other more easily accomplished pen-tests .. ( that they can in )

	- blindly apply all patches ... and not worry about
	a known exploit vs worrying about new exploits in new patches
	and new versions

	- if you're running dhcp without mac addy restrictions,
	consider yourself an open network
		- even if you do have mac addy locked down to the
		ip#, the crackers will be able to change their mac addy
		to match

	- if you are running open wireless ... you're as good as dead,
	and wep is broken

	- if you have wpa enabled, you're at least in better
	shape and hopefully running everything with ssh

	- how easy is it for the "janitor" to walk out with a PC/laptop

	- how easy is it for the competitor to dumpster dive
	and get your ip# and email addy and passwords

- tons of stuff to worry about ...

- endless fun list of "what security tests to do" and why and what to
  protect against

> Please followup in private email.

- am replying to the list because i think others might have
  similar questions 

c ya
alvin
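An added example, not part of alvin's post or Bob's request: the "nmap says port 25 is open .. now what" step in working code. It parses nmap's grepable (-oG) output, compares each open port against a list of what that host is supposed to expose, and attaches the follow-up test (open relay, DNS recursion/zone transfer, web server versions) that the post's links point at. The scan text is constructed by hand in -oG layout, not a real scan of anyone's machine, and the expected-port policy and follow-up checks are illustrative assumptions.

```python
"""Triage an nmap grepable (-oG) scan against an expected-exposure list.

Added example, not part of the original post: running nmap is the easy
part; deciding what is *supposed* to be open and what to test next is
the "now what".  The scan text below is constructed by hand in nmap -oG
format (not a real scan); the expected-port policy and the follow-up
checks are illustrative assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample in nmap -oG layout (Host/Ports fields are tab-separated).
SAMPLE_GNMAP = (
    "# Nmap scan initiated as: nmap -sV -oG - 192.0.2.10\n"
    "Host: 192.0.2.10 (mail.example.net)\tStatus: Up\n"
    "Host: 192.0.2.10 (mail.example.net)\tPorts: "
    "22/open/tcp//ssh//OpenSSH 3.9p1/, "
    "25/open/tcp//smtp//Sendmail 8.13.1/, "
    "53/open/tcp//domain//ISC BIND 9.2.4/, "
    "80/open/tcp//http//Apache httpd 1.3.33/, "
    "111/open/tcp//rpcbind//2 (rpc #100000)/, "
    "3306/filtered/tcp//mysql///"
    "\tIgnored State: closed (994)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned\n"
)

# One -oG port entry: port/state/proto/owner/service/rpcinfo/version/
# ([^/] is safe because nmap does not emit a bare "/" inside these fields).
PORT_RE = re.compile(r"(\d+)/([^/]+)/([^/]+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


@dataclass
class Port:
    number: int
    state: str
    proto: str
    service: str
    version: str


def parse_gnmap(text):
    """Return {ip: [Port, ...]} for every Host line carrying a Ports field."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        ports = hosts.setdefault(ip, [])
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for m in PORT_RE.finditer(field[len("Ports:"):]):
                num, state, proto, _owner, svc, _rpc, ver = m.groups()
                ports.append(Port(int(num), state, proto, svc, ver.strip()))
    return hosts


# Assumed exposure policy: the ports this mail server is *meant* to expose.
EXPECTED_PORTS = {"192.0.2.10": {22, 25}}

# The "now what" per service: the follow-up test once nmap reports it open
# (mirrors the open-relay / DNS / web tests the post links to).
NEXT_CHECK = {
    "smtp": "test for open relay; confirm the MTA is current",
    "domain": "test for open recursion and zone transfer",
    "http": "check server/app versions against current advisories",
    "ssh": "confirm protocol 2 only; prefer key-based auth",
}


def triage(hosts, expected):
    """Classify each open port as expected/unexpected and attach its next check."""
    findings = []
    for ip, ports in hosts.items():
        allowed = expected.get(ip, set())
        for p in sorted(ports, key=lambda x: x.number):
            if p.state != "open":
                continue  # closed/filtered ports need no follow-up here
            findings.append({
                "host": ip,
                "port": p.number,
                "service": p.service or "unknown",
                "version": p.version or "(not identified)",
                "severity": "expected" if p.number in allowed else "unexpected",
                "next": NEXT_CHECK.get(p.service, "identify it, then justify or close it"),
            })
    return findings


def unexpected_ports(findings):
    """Open ports that are not in the exposure policy: the real action items."""
    return {f["port"] for f in findings if f["severity"] == "unexpected"}


if __name__ == "__main__":
    result = triage(parse_gnmap(SAMPLE_GNMAP), EXPECTED_PORTS)
    for f in result:
        print(f"{f['host']}:{f['port']:<5} {f['severity']:<10} {f['service']:<8} "
              f"{f['version']:<22} -> {f['next']}")
    print("unexpected:", sorted(unexpected_ports(result)))
```

Run it against `nmap -sV -oG - host` output instead of the constructed sample to see the same report for a real box; the policy dict is the part you have to write yourself, which is exactly the "what is the purpose of the pen test" question from the post.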


