mailing list archives
Advanced Network Infrastructure Assessment Questions....
From: Joseph McCray <joe () learnsecurityonline com>
Date: Sat, 30 Jun 2007 10:25:02 -0400
I'm starting to do more and more network infrastructure assessment work
(specifically auditing Routers/Switches/Firewalls/VPNs/etc), and I'm
really looking to expand the scope of this service and make my audit as
thorough as possible.
Basically, the stuff that I'm hitting the hardest right now is SNMP,
TFTP, NTP, VPN psk stuff, firewall leak testing, and of course weak
passwords/clear text protocols for network management.
My most commonly used tools right now are:
* nmap (obviously)
* onesixtyone (and other snmp tools)
* ike-scan (and other scripts)
Tools of interest for me are scapy and yersinia. Just really haven't sat
down and learned them, but read about and have played with them a little
(never on an audit though).
I'm looking for other things that I may be forgetting/neglecting. I'm
running into a lot more non-cisco gear so that is new for me (Extreme,
Foundry, Juniper, etc). So I'm looking for good general information that
will help me improve my audits in that area.
I'm specifically looking for more links on auditing NAC solutions (a
methodology that I could follow or at least point me in the right
direction). More stuff like this:
...and Ofir Arkin's research on the subject
I'm also looking for people that are auditing things like 802.1x, and/or
doing 802.1x implementations in a hybrid network infrastructure (i.e.
Cisco, Extreme, Foundry, blah blah blah).
Let me know guys...I could really use the help.
Toll Free: 1-866-892-2132
Email: joe () learnsecurityonline com
Learn Security Online, Inc.
* Security Games * Simulators
* Challenge Servers * Courses
* Hacking Competitions * Hacklab Access
"The only thing worse than training good employees and losing them
is NOT training your employees and keeping them."
- Zig Ziglar
Description: This is a digitally signed message part
- Advanced Network Infrastructure Assessment Questions.... Joseph McCray (Jun 30)