RE: Need help in making penetration testing tool

["Adam Morey" <amorey () healthydirections com>]

Actually it makes perfect sense.

1.  An appliance pen tests an entire company's external network.
2.  The appliance then enables intrusion prevention actions and
reporting on known vulnerabilities.

Really any IPS functions in this way, the manufacturer does the "pen
testing" and provides updates to their IPS applications.  However,
adding pen testing to the appliance might make the devices both more
restrictive - by blocking a service with a known vulnerability even if
there is no "safe" prevention technique, while at the same time faster
and more streamlined as it wouldn't have to look for attack signatures
that it "knows" the internal network is not susceptible to.

Good idea -

Nmap, nessus and snort - while good tools - are hacker toolkits
basically, and are applicable to corporate security but not created for
it.  I think you're idea has merit.  Taking one look at snort signatures
is a perfect example of how ridiculous it is to think that this level of
detail can scale.  IDS as a whole is so labor intensive, most people
dealing with it day-to-day are tired with the false positives.  Again,
combing automated pen testing with IDS makes sense to me, only have your
sensors report on attacks that can actually succeed based on automated
penetration testing, no admin involvement.  While this level of IDS/IPS
isn't perfect, you combine that with other best practices such as audit
logging, and host-based IPS/file integrity monitoring and now we're
talking about a useful automated security system.

This approach does of course assume your comfortable with allowing some
attacks that have no ability to succeed to go unmonitored - which of
course the security industry has learned to do anyway in order to stop
crying wolf all the time.




> -----Original Message-----
> From: baumgartner () oneconsult com [mailto:baumgartner () oneconsult com]
> Sent: Sunday, June 11, 2006 9:13 AM
> To: pen-test () securityfocus com
> Subject: Re: Need help in making penetration testing tool
>
> Hi,
>
> Your idea of combining several functionalities is not so new. So
called
> vulnerability management tools and systems (e.g. SkyBox) combine
assessment
> tools like vulnerability scanners (e.g. Nessus, GFI Languard, Retina),
port
> and network scanners (e.g. Nmap) with security patching funcionality.
>
> But the idea, to combine pen test tools with intrusion detection and
> prevention is knew (as far as I know). But I would not combine such
> functionalities because pen testing and IPS are following different
> approaches. A pen test searches for all (technical) security
weaknesses and
> flaws in the target systems (configuration, firmware, os,
applications,
> services in use, patching level, etc.). An IDP/IPS analyses the
network
> traffic based on patterns.
>
> I would recommend to take a look at the open source tools nmap
> (www.nmap.org), nessus (www.nessus.org) and snort (www.snort.org) to
have an
> idea of the complexity of state of the art security scanners and
ids/ids.
> Maybe you might code a control cockpit for (open source) security
scanners
> and idp/ips.
>
> Regards,
>
> Christoph Baumgartner
>
>  --
> OneConsult GmbH
> IT Security & Strategic Consulting
> Christoph Baumgartner
> lic. oec. publ., OPST
> CEO
>
> Zürcherstrasse 73, 8800 Thalwil, Switzerland
> Tel.: +41 43 443 52 52 - Fax: +41 43 443 52 62
> baumgartner () oneconsult com - www.oneconsult.com
>
>
> mh_omair () yahoo com writes:
>
> > HEllo;
> >    By the way l I am new to  this list.... iam final year  student
of computer
> science...my final year project is a penetration  testing tool..
actually we are trying to
> merge capabilites of both pen  test tool and IPS(not just providing
testing but
> remedies too).. i  donot know if i
> > am thinking in wrong way....
> >   I donot know where to start...please tell me some suggestion and
resources that
> can  help me in my project...right now i need good basics and then
advance concept...
> i believe if i can pentrate a system than it would be easy to close
that doors for
> others.
> >   Waiting for poistive response.....
------------------------------------------------------------------------
------
> > This List Sponsored by: Cenzic
> >
> > Concerned about Web Application Security?
> > Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's
> > Choice Award from eWeek. As attacks through web applications
continue to rise,
> > you need to proactively protect your applications from hackers.
Cenzic has the
> > most comprehensive solutions to meet your application security
penetration
> > testing and vulnerability management needs. You have an option to go
with a
> > managed service (Cenzic ClickToSecure) or an enterprise software
> > (Cenzic Hailstorm). Download FREE whitepaper on how a managed
service can
> > help you: http://www.cenzic.com/news_events/wpappsec.php
> > And, now for a limited time we can do a FREE audit for you to
confirm your
> > results from other product. Contact us at request () cenzic com for
details.
> >
------------------------------------------------------------------------
------
> >
------------------------------------------------------------------------
------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's
> Choice Award from eWeek. As attacks through web applications continue
to rise,
> you need to proactively protect your applications from hackers. Cenzic
has the
> most comprehensive solutions to meet your application security
penetration
> testing and vulnerability management needs. You have an option to go
with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service
can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm
your
> results from other product. Contact us at request () cenzic com for
details.
>
------------------------------------------------------------------------
------





------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------