
Penetration Testing mailing list archives

Re: Small Network Pen Testing
From: Rocky <pixscreenpoint () gmail com>
Date: Mon, 6 Nov 2006 09:10:36 -0800

I actually used nmap & nessus. The company doesn't want to
hire a 3rd party pen-test engineer because of the cost; they have
presented a procedure and the cost is US$8,000.

What I did is just scan the whole network for open ports and
vulnerabilities and lock down the ports that do not need to be open,
and got nothing but a lap dance hehe.

I did internal and external pen tests. I actually told them that what
I did is only scanning, not the real pen-test stuff.

Thank you all for replying.

On 11/4/06, Stefano Zanero <s.zanero () securenetwork it> wrote:
Rocky wrote:

> they wanted me to pen test their network and I did

1) It is unethical to pen test a network you designed, because you
already know what you will find, you already know the internals, so what
kind of "penetration test" are you doing?

> using purely nmap.

2) Selling an nmap scan as a pen test is even worse than unethical.

> Is there any simple and precise method for pen testing
> a small network?

This process is composed of 2 steps:
1) evaluate if a penetration test is really needed (it sounds as if it
probably isn't) and then
2) have your customer hire someone other than yourself, who can also in
fact do a penetration test

Sorry for the bluntness.

