Penetration Testing mailing list archives
Re: Internal pen-test
From: "Taras Ivashchenko" <naplanetu () gmail com>
Date: Mon, 7 Jul 2008 17:28:51 +0400
Hello, Durga! As I think, these items is more usable for security audit, e.g. PCI DSS audit. Not for pen-test... Тарас Иващенко (Taras Ivashchenko) -- "Software is like sex: it's better when it's free.", - Linus Torvalds. 2008/7/3 Durga Prasad Adusumalli <asndpp () gmail com>:
Hi Taras, You could also include - AntiVirus presence and update checks - Screensaver settings - Desktop security measures like presence of firewall Regards, Durga Prasad. On Thu, Jul 3, 2008 at 12:31 AM, Ramiro Caire <ramiro.caire () gmail com> wrote:Hi Taras, There are many things to check. Some things that springs to mind are: - Access level on desktop PC - Check the shares resources permissions - Patch level on servers - Wireless connections - Sniffing - Footprinting - Physical security - Internal ports on servers - Check for unnecesary servers - Unnecesary dial-up connections And much more... some useful links: http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html http://www.penetration-testing.com/ http://www.securestate.com/Profiling/Pages/Internal-Pen-Test.aspx Regards Ramiro Taras P. Ivashchenko wrote:Hello, everybody! Is anybody made internal pen-tests? What is the difference between external pen-test and internal? As I think, in internal ARP spoofing, sniffing are possible, something more?------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Internal pen-test Taras P. Ivashchenko (Jul 02)
- Re: Internal pen-test Ramiro Caire (Jul 02)
- Re: Internal pen-test Durga Prasad Adusumalli (Jul 03)
- Re: Internal pen-test Taras Ivashchenko (Jul 07)
- Re: Internal pen-test Durga Prasad Adusumalli (Jul 03)
- <Possible follow-ups>
- Re: Internal pen-test ddidier (Jul 03)
- Re: Internal pen-test Ramiro Caire (Jul 02)