Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Internal pen-test
From: "Taras Ivashchenko" <naplanetu () gmail com>
Date: Mon, 7 Jul 2008 17:28:51 +0400

Hello, Durga!

As I think, these items is more usable for security audit, e.g. PCI
DSS audit. Not for pen-test...

Тарас Иващенко (Taras Ivashchenko)
--
"Software is like sex: it's better when it's free.", - Linus Torvalds.


2008/7/3 Durga Prasad Adusumalli <asndpp () gmail com>:
Hi Taras,

You could also include

- AntiVirus presence and update checks
- Screensaver settings
- Desktop security measures like presence of firewall

Regards,
Durga Prasad.

On Thu, Jul 3, 2008 at 12:31 AM, Ramiro Caire <ramiro.caire () gmail com> wrote:
Hi Taras,

There are many things to check. Some things that springs to mind are:

- Access level on desktop PC
- Check the shares resources permissions
- Patch level on servers
- Wireless connections
- Sniffing
- Footprinting
- Physical security
- Internal ports on servers
- Check for unnecesary servers
- Unnecesary dial-up connections

And much more...

some useful links:
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.penetration-testing.com/
http://www.securestate.com/Profiling/Pages/Internal-Pen-Test.aspx

Regards
Ramiro




Taras P. Ivashchenko wrote:

Hello, everybody!

Is anybody made internal pen-tests?
What is the difference between external pen-test and internal?
As I think, in internal ARP spoofing, sniffing are possible, something
more?




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault