Re: Internal pen-test

["Durga Prasad Adusumalli" <asndpp () gmail com>]

Hi Taras,

You could also include

- AntiVirus presence and update checks
- Screensaver settings
- Desktop security measures like presence of firewall

Regards,
Durga Prasad.

On Thu, Jul 3, 2008 at 12:31 AM, Ramiro Caire <ramiro.caire () gmail com> wrote:
> Hi Taras,
>
> There are many things to check. Some things that springs to mind are:
>
> - Access level on desktop PC
> - Check the shares resources permissions
> - Patch level on servers
> - Wireless connections
> - Sniffing
> - Footprinting
> - Physical security
> - Internal ports on servers
> - Check for unnecesary servers
> - Unnecesary dial-up connections
>
> And much more...
>
> some useful links:
> http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
> http://www.penetration-testing.com/
> http://www.securestate.com/Profiling/Pages/Internal-Pen-Test.aspx
>
> Regards
> Ramiro
>
>
>
>
> Taras P. Ivashchenko wrote:
> > Hello, everybody!
> >
> > Is anybody made internal pen-tests?
> > What is the difference between external pen-test and internal?
> > As I think, in internal ARP spoofing, sniffing are possible, something
> > more?
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------