Penetration Testing mailing list archives
RE: Internal Penetration Testing
From: Gorgon Beast <gorgonbeast () hotmail com>
Date: Mon, 15 Jun 2009 07:34:28 -0700
Internal pen testing can be the same as external pentesting. Studying the results may take a lot longer, though. You will collect a LOT of data about systems on your network. The first thing to do is harden the systems to mitigate risk, while keeping usability. For example, turning off services that aren't in use is a good first step. There are many books out there on hardening different operating systems. After you have finished the hardening, you can use your favorite tools to attempt to gain access to your own machines. I use the same ones that I use to test the perimeter systems of our network.

As for books, there are many out there. Generally, it's a good idea to read about both sides so you know what to secure, and how to attempt to break it. I started with the Hacking Exposed series; it gives some good tools to look at to understand what is really happening on a network. From that information, you can determine which of your systems need attention first.

Another good place for information is to read about how audits work. Many times, they can give you a path that you would like to follow for your own network. Read how a SAS70 audit works, and how they are going to check your results. Read how SOX auditing works and what needs to change on your network to make it compliant. Another source for information is the auditors themselves. There are some very good articles (though old) under Canaudit's Articles/publications sections of their web site.
Date: Thu, 11 Jun 2009 05:10:27 -0700
From: pmaneedham () hotmail com
To: pen-test () securityfocus com
Subject: Internal Penetration Testing

Can anybody recommend any good books, or ideally free online references to start learning the techniques of internal penetration testing? I.e. getting onto (access to) network shares, private network drives, internal servers, systems, from inside the Network that someone is not authorised to do? I won't ask for specific pointers, just some good online guides so I can begin to identify the techniques that give rise to the "threat from within" etc.

Regards,
--
View this message in context: http://www.nabble.com/Internal-Penetration-Testing-tp23980128p23980128.html
Sent from the Penetration Testing mailing list archive at Nabble.com.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Current thread:
- Internal Penetration Testing pma111 (Jun 12)
- Re: Internal Penetration Testing Stephen Mullins (Jun 15)
- RE: Internal Penetration Testing Dr David Scholefield (Jun 16)
- Re: Internal Penetration Testing Adriel T. Desautels (Jun 16)
- Re: Internal Penetration Testing Gichuki John (Jun 17)
- Re: Internal Penetration Testing Stephen Mullins (Jun 18)
- Re: Internal Penetration Testing Adriel T. Desautels (Jun 18)
- RE: Internal Penetration Testing Mark van der Meulen (Jun 19)
- Re: Internal Penetration Testing Stephen Mullins (Jun 15)
- RE: Internal Penetration Testing Gorgon Beast (Jun 15)
- <Possible follow-ups>
- Re: Internal Penetration Testing christopher . riley (Jun 16)