Penetration Testing mailing list archives
RE: Vulnerability assessment for small business
From: "Michael Scheidell" <scheidell () secnap net>
Date: Sun, 2 Oct 2005 17:18:55 -0400
-----Original Message----- From: Billy Dodson [mailto:billy () pmicromart com] Sent: Tuesday, September 27, 2005 5:34 PM To: pen-test () securityfocus com Subject: Vulnerability assessment for small business When doing a vuln assessment for a small business (25 PC's, no server) which is using a peer-to-peer windows network, how do you approach this? Say the customer has a firewall...but they don't host any services. All of the PC's have local
Client already failed. Without a central policy manager, they have no hope at all of locking out a future ex-employee. First thing to do is convince them to get that issue resolved. Other than that, even without a central username, password, you could run nessus, and metasploit on it and you WILL come up with lots of reasons to move toward central policy management. Hydra with smb support or smbbf could check each local machine for weak passwords. You might also specify that you will conduct individual scans on several 'sample' systems, locally, on the machine. Run Microsoft security baseline analyzer. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: Vulnerability assessment for small business Jarmon, Don R (Oct 01)
- <Possible follow-ups>
- Re: Vulnerability assessment for small business Susan Bradley (Oct 01)
- Re: Vulnerability assessment for small business Ivan . (Oct 01)
- RE: Vulnerability assessment for small business Michael Scheidell (Oct 02)