Re[2]: Penetration Tests

[Edward Cracknell <edward () securIT net>]

Brian Mitchell <brian () firehouse net> wrote:
brian >On Thu, 25 Sep 1997, Marcus J. Ranum wrote:
brian >
brian >> > If you have tools, documentation or a template for considerations
brian >> > I'd be grateful. This will be part of an overall risk/vulnerability
brian >> > audit, which I have no problems with.
<SNIP -for bandwidth>
brian >
brian >Why give it away if you can sell it :)
brian >
brian >

Yes, very true, but I cross-posted to firewalls and checkpoint's alias,
and I have had the usual helpful replies telling my to use SATAN, COPS
etc. 

Maybe I didn't give enough info in my first mail, but I have used these
packages many times, including Crack v5, Netcat, ifstatus, rootkit,
tiger etc.

I am really looking for;

a) a consensus on what should be covered/not in such a test

b) examples (papers)

c) news of commercial products, because I may want to take them on board
to sell to my customers

d) news of other (less common) packages that you can't get from every
wanna-be hacker or security experts page!! ;-)

e) I want to hear from anyone who may be interested in having their
products marketed by quite a large Security organisation over in the UK
to the financial communities (Thanks Marcus and Frank!)

...and so far I am really grateful for all the replies and information
which I will be following up on next week

Finally, has anyone heard on the Intranet penetration testing tool
Netech (I think that's the spelling)? It's an Israeli product.

Thanks in anticipation.

-------------------------------------------------------------
Edward Cracknell 
Security Administrator/Author
edward () SecurIT net
---------  Okay, who put a "stop payment" on my reality check? -----------