Re: Internal Servers (noob post)

[Terry M <tmccork () gmail com>]

Server hardening is important whether the perimeter is secured or not
for the simple reason that most "hackers" these days do not go after
firewalls, the target users. A Phishing email or web browser
vulnerability is all it would take to gain access to the internal
chewy center of the network at which point the servers would become
targets. Typical escalation techniques would include default accounts,
vulnerable protocols (ftp, telnet, rlogin, etc), un-patched systems,
there is a long list... So the short answer to your question is harden
your servers. Do not forget about making sure that shares are only
open to people that need access to the data.

Cheers,

Terry

On Tue, Jun 2, 2009 at 5:56 AM, pma111 <pmaneedham () hotmail com> wrote:
> I wonder if you could give me some pointers on ways you pen testers would try
> to penetrate / or gain access to an organisations internal server “farm”. I
> have read numerous hardening guides for both UNIX and Windows Servers, which
> we use for our host based Systems, but our IT dept insist perimeter defences
> (firewall etc) are sufficient to protect the internal servers so there is no
> need to invest heavily or put resources into hardening internal servers. Is
> this statement valid or would hardening internal servers also give pen
> testers a hard time gaining access to data, backups or host based apps
> residing on internal servers?
>
> What I am really after (I am no pen tester but am intreged by what
> techniques you guys use) is to get into the mindset of the ways you guys
> would try and gain access to our internal servers and data? If I make some
> assumptions, could someone with experience (be it white hat, black hat, grey
> hat) give me some pointers as to whether my assumptions are correct?
>
> To attack (bring down, steal confidential data etc) one of our internal
> servers would you always try to penetrate the firewall or find some
> vulnerability in the firewall in order to get remote access into our
> internal servers?
>
> Once through the firewall what methods would you guys use to gain access to
> the server? Would you try default accounts that you know exist (I noticed
> the vast majority of hardening guides always say disable or remove
> unnecessary default UNIX / Windows accounts etc)?
>
> Is hardening an internal server much protection if somebody has broken
> through the Firewall or is easy practice to still get data off internal
> servers?
>
> Any pointers most welcome.
>
> Regards,
>
>
> --
> View this message in context: http://www.nabble.com/Internal-Servers-%28noob-post%29-tp23832003p23832003.html
> Sent from the Penetration Testing mailing list archive at Nabble.com.
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------