RE: Small Network Pen Testing

["Michael Scheidell" <scheidell () secnap net>]

> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] On Behalf Of Rocky
> Sent: Friday, November 03, 2006 9:27 AM
> To: pen-test () securityfocus com
> Subject: Small Network Pen Testing
>
>
> Hi List,
>
> I have clients that has only less than 30 computers and
> 3 servers running and a couple of cisco devices/WAP.
> I installed their cisco devices,router/swithes & WAP but
> they wanted me to pen testing their network and i did
> using purely nmap.
>
> Is there any simple and precise method for pen testing
> small network?

No :-)

Are you talking EXTERNAL penetration testing? (ie: hack the flag?), are
you taking about vulnerabilities assessments? (list ALL possible
vulnerabilities, ie: PCI compliance type testing).  Are you talking
about doing this INTERNALLY? (checking password policies, security
policies, firewall EGRESS rules?, IOS levels on the cisco, (WAP: you
mean they have a WAP->http gateway? Or WPA? They have wireless
(802.11/b/g))

At LEAST, run some freebie tools against it, like nessus
(www.nessus.org)

If client is under some type of government regulations (HIPAA, GLBA,
SOX, FISMA, FERPA) then get a qualified vendor to do an onsite IT
security compliance audit.
-- 
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: 
Real time security alerts: http://www.secnap.com/news 

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------