Home page logo

basics logo Security Basics mailing list archives

Re: Re: Pen-Testing New Server - Where to start?
From: adrian-lazar () hotmail com
Date: 14 Nov 2007 17:11:22 -0000

Assuming no information was provided about the new system, I use the following approach when pen-testing a new server 
in a new network:

1. Identify the purpose of the system. Is it a web, ftp, firewall, proxy, etc. system?

2. Identify location of system in remote network. Is it behind a firewall, router, load balancer, etc.

3. Determine what public services are running on this system.

4. Based on #3, determine what OS this system runs.

5. Analyze dns records - can you do a dns zone transfer, is there any whois info available?

6. Based on the above steps, start focusing your efforts accordingly.

I hope this gives you an idea of where to start. For more info, have a look at Securityfocus' Pen-Test section and 
search other security websites.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]