Penetration Testing mailing list archives
RE: Small Network Pen Testing
From: "Michael Scheidell" <scheidell () secnap net>
Date: Sat, 4 Nov 2006 08:42:12 -0500
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Rocky Sent: Friday, November 03, 2006 9:27 AM To: pen-test () securityfocus com Subject: Small Network Pen Testing Hi List, I have clients that has only less than 30 computers and 3 servers running and a couple of cisco devices/WAP. I installed their cisco devices,router/swithes & WAP but they wanted me to pen testing their network and i did using purely nmap. Is there any simple and precise method for pen testing small network?
No :-) Are you talking EXTERNAL penetration testing? (ie: hack the flag?), are you taking about vulnerabilities assessments? (list ALL possible vulnerabilities, ie: PCI compliance type testing). Are you talking about doing this INTERNALLY? (checking password policies, security policies, firewall EGRESS rules?, IOS levels on the cisco, (WAP: you mean they have a WAP->http gateway? Or WPA? They have wireless (802.11/b/g)) At LEAST, run some freebie tools against it, like nessus (www.nessus.org) If client is under some type of government regulations (HIPAA, GLBA, SOX, FISMA, FERPA) then get a qualified vendor to do an onsite IT security compliance audit. -- Michael Scheidell, CTO 561-999-5000, ext 1131 SECNAP Network Security Corporation Keep up to date with latest information on IT security: Real time security alerts: http://www.secnap.com/news ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Small Network Pen Testing Rocky (Nov 03)
- Re: Small Network Pen Testing Stefano Zanero (Nov 04)
- Re: Small Network Pen Testing Rocky (Nov 06)
- <Possible follow-ups>
- RE: Small Network Pen Testing Michael Scheidell (Nov 04)
- Re: Small Network Pen Testing Stefano Zanero (Nov 04)