Penetration Testing mailing list archives

Re: [PEN-TEST] Sample penetration report

From: Knowledgebase i-Net Security <knowledgebase () LYCOS COM>
Date: Tue, 22 Aug 2000 16:03:53 -0900

 Mark of NetworkIce has a cool Recommendation... But for ME It's Not really GOOD coz` if ur going to produce s0me 
reports it should Be Detailed and a Non very Technical One coZ` for TEchnical People it's Not but if ur talking about 
some I.T. managers who's that very familiar... w/ that terminologies u have to re defined... it Should be Literaly 
Understandable... just a Simple Report Like this ONE:

LOw risk:
Medium Risk:
High Risk:
Problem:
Effect:
Recommendation:

  Remember.... We're Considering ALL Educated and Non security Educated Person that's why they will Avail some Security 
services.... thanks,,
-----------------

On Tue, 22 Aug 2000 17:23:53
 Teicher, Mark wrote:

Here is an outline that has been used by several different organizations
over the years and in some cases still being used by some of the larger
type security consulting practices:


Executive Summary
Findings
Recommendations

Introduction
Purpose and Scope
Network Map .
Remote Dial-in Map
Findings and Recommendations

Organizational and Procedural Issues
Network Security Responsibility
Internal Restrictions
Network-Wide Vulnerabilities
Firewall
Intrusion Detection and Security Monitoring
Host Vulnerabilities
Dial-in Vulnerabilities
Password Issues
Network Vulnerabilities

Recommendations

Industry Best Practices
Network Considerations
Network Addressing
Firewalls
Automated Systems
Intrusion Detection and Security Monitoring
Vulnerability Scanning
Host Considerations
System Banners
Dial-in Access
Remote Management of Network Infrastructure Devices
Centralized Security Authority

Informational Services

User Authentication .
Passwords
Password Administration
Password Structure and Policy

Appendix

Assessment Process Overview
Background
Security as an Operational Process
Security Posture Defined
Assessment Process
Network Discovery
Target System and Vulnerability Identification
Data Analysis and Security Design Review


At 03:46 PM 8/21/00 -0400, Christopher M. Bergeron wrote:

Can anyone point me to a sample penetration test / vulnerability analysis
report somewhere?  What types of things does one usually put in such a
report?



Send your favorite photo with any online greeting!
http://www.whowhere.lycos.com/redirects/americangreetings.rdct

Current thread:

[PEN-TEST] Sample penetration report Christopher M. Bergeron (Aug 22)
- Re: [PEN-TEST] Sample penetration report Teicher, Mark (Aug 22)
- Re: [PEN-TEST] Sample penetration report The Unicorn (Aug 24)
- <Possible follow-ups>
- Re: [PEN-TEST] Sample penetration report Knowledgebase i-Net Security (Aug 23)
  - Re: [PEN-TEST] Sample penetration report Teicher, Mark (Aug 23)