Penetration Testing mailing list archives
Re: Internal pen-test
From: ddidier () netsecureia com
Date: 3 Jul 2008 09:29:22 -0000
Hello, Taras. As you pointed out, internal pen testing usually has more areas to test. Layer 2 and 3 areas need to be thoroughly tested. You mentioned ARP already - you should also consider testing for these types of issues:

DHCP snooping / starvation - DHCP snooping and starvation attacks can disrupt traffic flows by redirecting end systems to untrusted gateways which capture all traffic. This allows for collection and manipulation of confidential data. This can be prevented in certain switch solutions which support DHCP spoofing and starvation controls.

VLAN Hopping - VLAN hopping can allow a user to access a VLAN, and the systems in that VLAN, which their system isn't currently a member of. This can circumvent security and network integrity in a number of ways. This is normally a problem because the default configuration type for VLAN interfaces is dynamic in many vendor devices and allows VLAN hopping to occur.

CAM Overflow / MAC flooding - MAC flooding will flood a switch with packets in order to consume memory and cause the switch to enter fail-open mode, which causes the switch to flood all data out all ports. A packet sniffer can then be used to capture sensitive data which wouldn't normally be accessible. This can be prevented in certain switches by configuring MAC limits per port.

Spanning Tree Attacks - Spanning tree attacks have the ability to disrupt redundant layer 2 paths on the network, cause denial of service (DoS) attacks, and allow the attacker to see data he wouldn't normally be able to see.

Routing Protocol Authentication - Routing protocols control the overall flow of data through a network. It is a fairly simple task to hijack or inject false routes if proper security measures have not been taken. Adding authentication for routing devices and updates greatly reduces these threats.

Router / Switch Management Access - The ability to manage network devices, including but not limited to routers and switches, needs to be limited to discrete management systems. If possible, this should be a dedicated management network.

Hope this helps,

Dan Didier
http://www.NetSecureIA.com
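Detection logic for two of the layer-2 issues in the post above (MAC flooding, i.e. more source MACs on one port than a per-port MAC limit would allow, and DHCP starvation, i.e. a burst of DHCPDISCOVERs from many distinct client MACs). This is an added example, not code from the post or from NetSecureIA; the switch events, port names and thresholds are constructed for illustration.

```python
"""Flag MAC flooding and DHCP starvation from a stream of switch-side events.
Events are constructed samples, not real captures: (timestamp_s, port, src_mac, kind),
where kind is "frame" for an ordinary frame or "dhcp_discover" for a DHCPDISCOVER."""
from collections import defaultdict

SAMPLE_EVENTS = [
    # Normal hosts on two access ports (hypothetical port names).
    (0.0, "Gi1/0/1", "00:11:22:33:44:01", "frame"),
    (0.5, "Gi1/0/1", "00:11:22:33:44:02", "frame"),
    (1.0, "Gi1/0/2", "00:aa:bb:cc:dd:01", "frame"),
] + [
    # Burst on Gi1/0/3: 40 distinct source MACs within two seconds, each one
    # also sending a DHCPDISCOVER. This is the pattern a CAM-overflow or
    # DHCP-starvation tool produces and that a per-port MAC limit would stop.
    (2.0 + i * 0.05, "Gi1/0/3", f"de:ad:be:ef:{i // 256:02x}:{i % 256:02x}", kind)
    for i in range(40)
    for kind in ("frame", "dhcp_discover")
]


def mac_flooding_ports(events, max_macs_per_port=5):
    """Return {port: distinct_mac_count} for every port whose learned source MACs
    exceed max_macs_per_port (the 'MAC limits per port' control from the post)."""
    learned = defaultdict(set)
    for _, port, mac, _ in events:
        learned[port].add(mac)
    return {p: len(m) for p, m in learned.items() if len(m) > max_macs_per_port}


def dhcp_starvation_peak(events, window_s=10.0, threshold=20):
    """Slide a window_s-second window over DHCPDISCOVERs and return
    (window_start, distinct_client_macs) for the busiest window, or None if
    no window exceeds threshold distinct client MACs."""
    discovers = sorted((t, mac) for t, _, mac, kind in events if kind == "dhcp_discover")
    peak = None
    for i, (t0, _) in enumerate(discovers):
        macs = {mac for t, mac in discovers[i:] if t - t0 <= window_s}
        if len(macs) > threshold and (peak is None or len(macs) > peak[1]):
            peak = (t0, len(macs))
    return peak


if __name__ == "__main__":
    print("MAC flooding suspected on:", mac_flooding_ports(SAMPLE_EVENTS))
    print("DHCP starvation peak window:", dhcp_starvation_peak(SAMPLE_EVENTS))
```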
Current thread:
- Internal pen-test Taras P. Ivashchenko (Jul 02)
- Re: Internal pen-test Ramiro Caire (Jul 02)
- Re: Internal pen-test Durga Prasad Adusumalli (Jul 03)
- Re: Internal pen-test Taras Ivashchenko (Jul 07)
- Re: Internal pen-test Durga Prasad Adusumalli (Jul 03)
- <Possible follow-ups>
- Re: Internal pen-test ddidier (Jul 03)
- Re: Internal pen-test Ramiro Caire (Jul 02)