Firewall Wizards mailing list archives
Re: Penetration Tests
From: Darren Reed <darrenr () cyber com au>
Date: Fri, 26 Sep 1997 14:48:12 +1000 (EST)
In some mail I received from Edward Cracknell, sie wrote
> Hi, I'd really like some input regarding penetration tests. Internal and External. If you have tools, documentation or a template for considerations I'd be grateful. This will be part of an overall risk/vulnerability audit, which I have no problems with.
> [...]
> Any comments, advice or input would be appreciated.
If you dig back through the archives of CERT announcements, you'll find a list of "problems". If you dig back through some of the other archives, for lists such as bugtraq, you'll find details for some of those (including exploits). If you want to do more research, start looking up things like Phrack and around web pages for hacking documents & exploits. This probably won't give you pre-rolled "penetration tests", but it will give you knowledge of what vulnerabilities to look out for.

You might even find some older versions of tools such as iss which are minus the graphical bloating. Hmmm, downloading the trial version of ISS (with the docs) might be worthwhile for reading the docs - what sort of vulnerabilities to expect, etc.

I'm not sure that this really answers your question...most of the tools commercially available are enhanced versions of SATAN - just with more options put in them. The real intelligence is in the various subroutines which do the testing and given exploits are fairly easy to obtain, it is certainly possible to expand the utility of SATAN. The $$ question is, how much time do you want to spend doing this and what that cost will be vs. buying something like ISS to do it for you.

Darren