Penetration Testing mailing list archives

RE: Need Check list for Testing HSIA...


From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 8 Jan 2008 15:47:05 -0500

I'm looking to test the High Speed Internet Access (HSIA) for a hotel.
I'd like to know the better way to approach it.
For your information the Access Gateway that is being used is Nomadix!!!!!
So can anyone provide me the check list to perform the necessary steps to
go further.

In addition to looking at the gateway device for vulnerable services, you
should also look at the web interface to see if there are ways that you can
bypass authentication, access administrator pages, etc.  You should look at
whether or not ARP spoofing/poisoning (and thus sniffing/hijacking) is
possible from the public side of the gateway.  You should look at whether
hijacking of authenticated IP addresses is possible.

Also, there is typically a "bypass list" on the gateway of hosts that can be
accessed without authentication.  This is usually defined by the vendor or
reseller, and could be interesting.

Good luck!

PaulM
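
A defender-side view of two of the checks in the reply above (ARP spoofing of the gateway, and reuse of an authenticated IP address), added here as an example that is not part of the original post. The gateway address, session table, ARP observations and function name are all constructed for illustration and do not reflect any Nomadix data format.

```python
from collections import namedtuple

Arp = namedtuple("Arp", "ts ip mac")

# Constructed sample data (hypothetical, not from the original post).
GATEWAY = ("10.0.0.1", "02:00:00:00:00:01")          # gateway IP and its real MAC
AUTH_SESSIONS = {"10.0.0.23": "aa:bb:cc:00:00:23",   # IP -> MAC recorded at login
                 "10.0.0.41": "aa:bb:cc:00:00:41"}
OBSERVED = [
    Arp(100, "10.0.0.23", "aa:bb:cc:00:00:23"),
    Arp(101, "10.0.0.1",  "02:00:00:00:00:01"),
    Arp(130, "10.0.0.1",  "de:ad:be:ef:00:99"),  # gateway IP claimed by a guest MAC
    Arp(131, "10.0.0.23", "de:ad:be:ef:00:99"),  # authenticated IP seen from a new MAC
    Arp(140, "10.0.0.77", "aa:bb:cc:00:00:77"),  # unauthenticated guest, benign
]

def find_anomalies(observed, gateway, sessions):
    """Flag ARP bindings that contradict the gateway's own records."""
    gw_ip, gw_mac = gateway[0], gateway[1].lower()
    findings = []
    claimed = {}  # mac -> set of IPs that MAC has claimed on the guest segment
    for o in sorted(observed, key=lambda o: o.ts):
        mac = o.mac.lower()
        claimed.setdefault(mac, set()).add(o.ip)
        if o.ip == gw_ip and mac != gw_mac:
            # Someone other than the gateway answers for the gateway's IP.
            findings.append((o.ts, "gateway-impersonation", o.ip, mac))
        elif o.ip in sessions and mac != sessions[o.ip].lower():
            # An IP that already paid/authenticated now maps to a different MAC.
            findings.append((o.ts, "session-ip-reuse", o.ip, mac))
    for mac, ips in claimed.items():
        # A single guest MAC answering for several IPs is a poisoning indicator.
        if mac != gw_mac and len(ips) > 1:
            findings.append((None, "mac-claims-multiple-ips",
                             ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(OBSERVED, GATEWAY, AUTH_SESSIONS):
        print(finding)
```

If a test of the guest segment produces none of these findings on the gateway or monitoring side while spoofed bindings are in place, that absence of detection is itself worth reporting alongside the spoofing result.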

