Penetration Testing mailing list archives
Re: Internal pen-test
From: Ramiro Caire <ramiro.caire () gmail com>
Date: Wed, 02 Jul 2008 16:01:27 -0300
Hi Taras, There are many things to check. Some things that springs to mind are: - Access level on desktop PC - Check the shares resources permissions - Patch level on servers - Wireless connections - Sniffing - Footprinting - Physical security - Internal ports on servers - Check for unnecesary servers - Unnecesary dial-up connections And much more... some useful links: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html http://www.penetration-testing.com/ http://www.securestate.com/Profiling/Pages/Internal-Pen-Test.aspx Regards Ramiro Taras P. Ivashchenko wrote:
Hello, everybody! Is anybody made internal pen-tests? What is the difference between external pen-test and internal? As I think, in internal ARP spoofing, sniffing are possible, something more?
------------------------------------------------------------------------ This list is sponsored by: CenzicTop 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Internal pen-test Taras P. Ivashchenko (Jul 02)
- Re: Internal pen-test Ramiro Caire (Jul 02)
- Re: Internal pen-test Durga Prasad Adusumalli (Jul 03)
- Re: Internal pen-test Taras Ivashchenko (Jul 07)
- Re: Internal pen-test Durga Prasad Adusumalli (Jul 03)
- <Possible follow-ups>
- Re: Internal pen-test ddidier (Jul 03)
- Re: Internal pen-test Ramiro Caire (Jul 02)