
Security Basics mailing list archives

RE: Vulnerability Assessment Checklists?
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Mon, 1 Dec 2003 16:37:29 -0800

        Congrats on your Sec+, I wrote on the beta for that exam and it
was well written, compared to some of the other CompTIA exams. I've
never really used any checklists or templates when conducting a security
analysis. I take a look at it from the perspective of how would I get
into this network. Do I war-dial a modem bank, do I run NMap or Nessus
against the external/DMZ hosts. Do I craft a virus/Trojan to open up a
hole through the firewall for me, etc. I've done testing for some local
credit unions and banks in my area and that approach has not failed me
yet. You need to learn everything about how the company works plus how
their infrastructure works. Some companies might not have modem banks,
or even an Internet connection. Some may use leased lines and others
dialup and others might not have a website. IMHO each company will have
its own checklist and theory of operation.

        I conduct an 'attack' following these steps:
                1.) Gather Information.
                        Get information from the client but also as if
you did not have access to the Internal network. DIG the hostname, run
traceroutes, whois the netblock, etc. Get some telco numbers from a
phonebook or website and wardial a small chunk in the area, see if they
own a small block for a PBX.
                2.) Assess the network security.
                        Do they run firewalls network and host based?
What services do they run (HTTP, FTP, SMTP, POP3, etc) what
versions/vendors are those services and are they exploitable. 
                3.) Assess the 'Human' Security.
                        How much do the people know and how much will
they reveal. How large is the company and does everyone know everyone.
I.e. some companies post a 'new to our team' adv. You can target the new
person and usually get much more information out of them.

                4.) Check for vulnerabilities.
                        Run NMap/Nessus against a target/test
host/network. See what an automated scanner can tell you. Physical ones
as well and IT ones. Is the copper exposed for a data line? Can you gain
access to the servers? Are workstations locked when a user walks away,
etc. Can a visitor see all the keys on a keyboard clearly?

                5.) Test an attack.
                        Make sure you have the customer's permission
before actually attacking the network, most of the time you never really
need to make it to this point, minus a demonstration or a concept of

        I hope any of this is helpful and good luck.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

-----Original Message-----
From: Kim Clark [mailto:kclark20001 () hotmail com] 
Sent: Monday, December 01, 2003 2:46 PM
To: security-basics () securityfocus com
Subject: Vulnerability Assessment Checklists?


I've finished my Security+, and am almost through my Security Certified 
Network Professional training.

I'm looking for some basic tips and resources (checklists or templates?)
do some vulnerability assessments because I just went to donate my 
services at a nonprofit job fair and got plenty of responses.

Since I've never evaluated the security posture of a company before I
use some resources on how to best get started. They run the gamut from
to WANs. Of course, I want to give them some value while gaining
experience for my resume.

Thanks in advance,

Kim Clark
