Firewall Wizards mailing list archives

Re: Penetration Tests


From: Darren Reed <darrenr () cyber com au>
Date: Fri, 26 Sep 1997 14:48:12 +1000 (EST)

In some mail I received from Edward Cracknell, sie wrote

> Hi,
>
> I'd really like some input regarding penetration tests. Internal and
> External. If you have tools, documentation or a template for considerations
> I'd be grateful. This will be part of an overall risk/vulnerability
> audit, which I have no problems with.
> [...]
> Any comments, advice or input would be appreciated.

If you dig back through the archives of CERT announcements, you'll find
a list of "problems".  If you dig back through some of the other archives,
for lists such as bugtraq, you'll find details for some of those (including
exploits).  If you want to do more research, start looking up things like
Phrack and around web pages for hacking documents & exploits.  This
probably won't give you pre-rolled "penetration tests", but it will give
you knowledge of what vulnerabilities to look out for.

You might even find some older versions of tools such as iss which are
minus the graphical bloating.  Hmmm, downloading the trial version of
ISS (with the docs) might be worthwhile for reading the docs - what
sort of vulnerabilities to expect, etc.

I'm not sure that this really answers your question...most of the tools
commercially available are enhanced versions of SATAN - just with more
options put in them.  The real intelligence is in the various subroutines
which do the testing, and given exploits are fairly easy to obtain, it
is certainly possible to expand the utility of SATAN.

The $$ question is, how much time do you want to spend doing this and what
that cost will be vs. buying something like ISS to do it for you.

Darren


