Re: Re: Pen-Testing New Server - Where to start?
From: adrian-lazar () hotmail com
Date: 14 Nov 2007 17:11:22 -0000
Assuming no information was provided about the new system, I use the following approach when pen-testing a new server in a new network:
1. Identify the purpose of the system. Is it a web, ftp, firewall, proxy, etc. system?
2. Identify location of system in remote network. Is it behind a firewall, router, load balancer, etc.?
3. Determine what public services are running on this system.
4. Based on #3, determine what OS this system runs.
5. Analyze DNS records - can you do a DNS zone transfer? Is there any whois info available?
6. Based on the above steps, start focusing your efforts accordingly.
I hope this gives you an idea of where to start. For more info, have a look at SecurityFocus' Pen-Test section and search other security websites.