
Re: Anyone could help with a penetration test ?



Alvin Oga wrote:

On Thu, 17 Mar 2005, Bob Alexander wrote:


Any well known decent inhabitant of this honoured list could spare a few minutes of his precious time and perform an nmap/nessus scan of my machine ?


doing an nmap/nessus is ez ??

interpreting it and risk analysis is way trickier
- a silly question:
	- what is the purpose of the pen test ??
	- what kind of action will be taken as a result of it ?


I am fairly sure I have decently set up my firewall, I have decently bound services to the addresses that can use them and the programs delivering these services are up to date sid versions and decently configured.

That said I know from experience that sometimes a second eye looking can spot errors, even macroscopic ones. I remember once I was setting up a firewall in a bank's intranet and to my surprise it was not working as expected and further analysis showed that the physical networking layout had been grossly violated by a technician installing a "test" dual interface machine which acted as a router short-circuiting the DMZ and the intranet :( :( the bank's sec officer was a little distressed :)

Anyway the links you gave me should be quite enough for what I need.
free online nmap/nessus scanners and offline ones too

	http://www.Linux-Sec.net/Audit/nmap.test.gwif.html

...

	( use the latest sources/binaries for each major service )


been there done that :) up to date sid

	- if the machine is 1yr or 3 yr old, it has probably passed
	the "real world (security) test" of time


This is just my personal laptop which I use at home, in the office and at customer premises.

	- real world audits, you're constantly bombarded by the script
	kiddies


I'd like to see that ... is there a sensible IDS that is not too difficult to configure and interpret and will not fill up my little free disk space ? At home I am behind a NAT router with only a few known ports open and therefore would be surprised to see much traffic.


	- blindly apply all patches ... and not worry about
	a known exploit vs worrying about new exploits in new patches
	and new versions


agree 100%

	- if you're running dhcp without mac addy restrictions,
	consider yourself an open network
		- even if you do have mac addy locked down to the
		ip#, the crackers will be able to change their mac addy
		to match


I am running DHCP on my router's internal interface which is a private 192.168 class and have physical control of the cabling (talking about my home desktop :-> still trust my wife, kids and dog even though my hamster sometimes looks at me with strange eyes).

	- if you are running open wireless ... you're good as dead
	and wep is broken


not yet but considering to ...

AFAIK the newer WEP schemes do not have weak IVs and to be broken need 300-400K frames to be captured with airsnort/aircrack. Also with kismet I cannot see any wifi activity in my home. I therefore thought that if I use a new WEP implementation and change the WEP key say a couple of times a month I should have a manageable risk. BTW my sole traffic at home is to the debian-user list and similar. Sniff that if you like :) :) (half joke since I do use IMAP to retrieve my emails and my ISP does not serve that over SSL afaik).

	- if you are using wpa enabled, you're at least in better
	shape and hopefully running everything with ssh


any inexpensive AP to suggest ?

	- how easy is it for the "janitor" to walk out with a PC/laptop


See above ... it's only the hamster which worries me but my laptop is still too heavy for her :)

	- how easy is it for the competitor to dumpster dive
	and get your ip# and email addy and passwords


again my house is guarded by a nasty dog :)

- tons of stuff to worry about ...


100% agree ... and by far IT is what is less of a worry to me ! :(

- am replying into the list cause, i think others might have
similar questions

Of course since your reply is useful to everybody :) I mentioned private email only to exchange IPs ...

Alvin,
as always very nice "talking" to you,
Take care,
Bob


