Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Small Network Pen Testing
From: "Michael Scheidell" <scheidell () secnap net>
Date: Sat, 4 Nov 2006 08:42:12 -0500


-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Rocky
Sent: Friday, November 03, 2006 9:27 AM
To: pen-test () securityfocus com
Subject: Small Network Pen Testing


Hi List,

I have clients that has only less than 30 computers and
3 servers running and a couple of cisco devices/WAP.
I installed their cisco devices,router/swithes & WAP but
they wanted me to pen testing their network and i did
using purely nmap.

Is there any simple and precise method for pen testing
small network?

No :-)

Are you talking EXTERNAL penetration testing? (ie: hack the flag?), are
you taking about vulnerabilities assessments? (list ALL possible
vulnerabilities, ie: PCI compliance type testing).  Are you talking
about doing this INTERNALLY? (checking password policies, security
policies, firewall EGRESS rules?, IOS levels on the cisco, (WAP: you
mean they have a WAP->http gateway? Or WPA? They have wireless
(802.11/b/g))

At LEAST, run some freebie tools against it, like nessus
(www.nessus.org)

If client is under some type of government regulations (HIPAA, GLBA,
SOX, FISMA, FERPA) then get a qualified vendor to do an onsite IT
security compliance audit.
-- 
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: 
Real time security alerts: http://www.secnap.com/news 

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault