Re: Anyone could help with a penetration test ?
On Thu, 17 Mar 2005, Bob Alexander wrote:
> Any well known decent inhabitant of this honoured list could spare a few
> minutes of his precious time and perform an nmap/nessus scan of my machine ?
doing a nmap/nessus is ez ??
interpreting it and risk analysis is way trickier
- a silly question:
- what is the purpose of the pen test ??
- what kind of action will be taken as a result of it ?
free online nmap/nessus scanners and offline ones too
http://www.Linux-Sec.net/Audit/nmap.test.gwif.html
- nmap says port25 is open on your mail server .. now what
- nmap says port80 is open on your web server .. now what
- nmap says port53 is open on your dns server .. now what
( use the latest sources/binaries for each major service )
- if the machine is 1yr or 3 yr old, it has probably passed
the "real world (security) test" of time
- is it time to change and upgrade or leave it alone
for another year or 3
other (free) online audits...
are pen tests the same as audits, since nmap/nessus was mentioned,
for now, it is the "same", even if it's way different
- real world audits, you're constantly bombarded by the script
kiddies
http://www.Linux-Sec.net/DNS/#Testing
http://www.Linux-Sec.net/Web/#Testing
http://www.Linux-Sec.net/Mail/OpenRelay
http://www.Linux-Sec.net/Firewall/Testing
http://www.Linux-Sec.net/Audit/Tools.fs ( file system tests )
http://www.Linux-Sec.net/Audit/Tools.sw ( software audits )
other more easily accomplished pen-tests .. ( that they can in )
- blindly apply all patches ... and not worry about
a known exploit vs worrying about new exploits in new patches
and new versions
- if you're running dhcp without mac addy restrictions,
consider yourself an open network
- even if you do have mac addy locked down to the
ip#, the crackers will be able to change their mac addy
to match
- if you are running open wireless ... you're good as dead
and wep is broken
- if you are using wpa enabled, you're at least in better
shape and hopefully running everything with ssh
- how easy is it for the "janitor" to walk out with a PC/laptop
- how easy is it for the competitor to dumpster dive
and get your ip# and email addy and passwords
- tons of stuff to worry about ...
- endless fun list of "what security tests to do" and why and what to
protect against
> Please followup in private email.
- am replying into the list cause, i think others might have
similar questions
c ya
alvin