Security Basics mailing list archives
RE: network auditing
From: Meidinger Chris <chris.meidinger () badenit de>
Date: Tue, 14 Oct 2003 19:14:32 +0100
look for the OSSTMM - Open Source Security Testing Methodology Manual - from ISECOM's web site. That should give you a good start. Chris Meidinger -----Original Message----- From: cc [mailto:cc () belfordhk com] Sent: Tuesday, October 14, 2003 12:20 PM To: Security Basics Subject: network auditing Hi, I was just reading the thread on the "NASA security Audit" and felt that perhaps I should think of a way to audit two networks that I'm in charge of. I'm relatively new at security issues(esp. audits, penetration tests, etc..) so perhaps someone could clarify some questions. Does one really need a certification in order to do all this auditing? Right now, I'm learning the whole security process on my own and as it stands, it's quite overwhelming. I have a firewall and an IDS set up(Just learnt not too tell anyone what type..*grin*), so all I'm interested in knowing is whether or not I can drill through the firewall and make it such that the attack is undetected. Sure I can go out and ask people to test the networks; but as far as I know, that's a very stupid thing to do. (Am I correct?) I've read about the 'blackbox' and 'crystal' tests (from the NASA Audit thread) and would like to know how I can apply those tests, especially what type of tools required. (Or should I even bother?) So far, (if someone can tell me if I've gotten this concept of an audit right) I've grasped that an external audit is as follows: 1) Port scan the target network IP. 2) Get the list of open/closed ports are available (probably just Open ports, right?) 3) For each port use a specific tool to gain access (starting from a simple approach to a more technically involved approach). ie. ftp port use ftp. 4) if simple access isn't available (ie cannot do any ftp password guessing either by brute force or dictionary approach to standard account names), then try using particular vulnerabilities in that protocol to attack/gain access to the system. That's basically it, right? Are there any particular books that I should take a gander at? Thank you for your help in understanding this overwhelming topic. --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- network auditing cc (Oct 14)
- <Possible follow-ups>
- RE: network auditing Hagen, Eric (Oct 14)
- Re: network auditing cc (Oct 15)
- Re: network auditing Ansgar -59cobalt- Wiechers (Oct 16)
- Re: network auditing cc (Oct 15)
- RE: network auditing Meidinger Chris (Oct 14)
- Re: network auditing Lee Rich (Oct 15)
- RE: network auditing Hagen, Eric (Oct 16)