Security Basics mailing list archives

RE: penetration tester advice


From: Dave.Hartley () uk delarue com
Date: Wed, 17 Sep 2003 16:45:16 +0100

Pen testing is not as simple as firing up a scanner and exploiting, or simply
identifying and patching, the exploitable services/applications/protocols
etc. that your scanner will throw up.

There are many different approaches to consider and many different tools to
utilise dependent on the desired results.

You should clarify exactly what you hope to achieve from your "Pen Testing".

For example, do you simply wish to ensure that you have patched your systems,
and not to test your firewalls or IDS?

There are many scenarios to consider.

If you fire up, say, Nessus (pure example) and launch a full-blown scan
against all of your network through your firewall and your IDS, those layers
are going to go nuts, logging and alerting like crazy.  This may demonstrate
that your firewall/IDS has holes and exposes vulnerabilities to an outsider,
or not show you any results, leaving you possibly with a false sense of
security.

A serious intruder wouldn't be so silly.  He/she would use common tools
such as traceroute, ping, telnet etc. over periods of time (sometimes
months), depending on the "prize" and the determination of the attacker.  The
above test would not make me sleep well at night, knowing that this kind of
attack would go unnoticed.

The best advice is to investigate pen testing and techniques a lot more in
depth before launching yourself into the task.  You will learn a lot and you
will be able to confidently and accurately report on the security level of
your network.

If on the other hand you simply want to ensure that all your machines are
fully patched and up to the latest SPs and aren't exposing any great
security holes on your local or WAN networks, then using vulnerability
scanners is a quick and sometimes easy way to do this.

My best advice is really to investigate the subject matter extensively and draw
up or clarify exactly what it is you wish to test and prove.

i.e. correct or effective firewall policies, correct implementation and
location of IDSs, secure operating systems and applications (the list goes
on), and to achieve each you need to have a structured, methodical approach to
your "Pen Test".

Try the following course (if you can):
http://www.networkintrusion.co.uk/hacking.htm#ISS

I'm sure you will receive lots of alternative resources, URLs and books
etc., so I won't bother filling my mail with those.

If you want anything offline, ask.

Regards
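A defender-side illustration of the point about noisy versus patient probing, added here and not part of the original post or any product it mentions: a small Python check over a constructed firewall log (the log format, hosts and timestamps are all made up) that flags sources touching many distinct ports within a short window, which is what a typical threshold rule catches, and then within a long window, which is what the slow, months-long reconnaissance described above needs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log (not from the original post): "<time> <src> -> <dst>:<port>".
# 198.51.100.7 is a noisy scanner (6 ports in 5 s); 203.0.113.9 is a patient one
# (6 ports spread over two weeks); 192.0.2.50 is an ordinary web client.
LOG = """\
2003-09-01T09:12:00 203.0.113.9 -> 192.0.2.10:21
2003-09-03T14:40:00 203.0.113.9 -> 192.0.2.10:22
2003-09-05T22:05:00 203.0.113.9 -> 192.0.2.10:23
2003-09-08T03:30:00 203.0.113.9 -> 192.0.2.10:25
2003-09-10T02:00:00 198.51.100.7 -> 192.0.2.10:21
2003-09-10T02:00:01 198.51.100.7 -> 192.0.2.10:22
2003-09-10T02:00:02 198.51.100.7 -> 192.0.2.10:23
2003-09-10T02:00:03 198.51.100.7 -> 192.0.2.10:25
2003-09-10T02:00:04 198.51.100.7 -> 192.0.2.10:80
2003-09-10T02:00:05 198.51.100.7 -> 192.0.2.10:110
2003-09-10T11:00:00 192.0.2.50 -> 192.0.2.10:80
2003-09-11T17:45:00 203.0.113.9 -> 192.0.2.10:80
2003-09-12T11:00:00 192.0.2.50 -> 192.0.2.10:80
2003-09-14T06:10:00 203.0.113.9 -> 192.0.2.10:110
"""

def parse(log_text):
    """Turn each log line into (timestamp, source address, destination port)."""
    events = []
    for line in log_text.splitlines():
        ts, src, _, dst = line.split()
        events.append((datetime.fromisoformat(ts), src, int(dst.rsplit(":", 1)[1])))
    return events

def probing_sources(events, window_seconds, min_ports):
    """Sources that touched >= min_ports distinct ports within any span of window_seconds."""
    window = timedelta(seconds=window_seconds)
    by_src = defaultdict(list)
    for ts, src, port in events:
        by_src[src].append((ts, port))
    flagged = set()
    for src, probes in by_src.items():
        probes.sort()  # sliding window over this source's probes in time order
        for i, (start, _) in enumerate(probes):
            ports = {p for t, p in probes[i:] if t - start <= window}
            if len(ports) >= min_ports:
                flagged.add(src)
                break
    return flagged

if __name__ == "__main__":
    events = parse(LOG)
    print("burst rule (60 s, 5 ports):", probing_sources(events, 60, 5))
    print("long-window rule (30 d, 5 ports):", probing_sources(events, 30 * 86400, 5))
```

The burst rule only ever sees the noisy scanner; the patient one surfaces only when the same count is kept across weeks, which is the kind of retention a quick Nessus-style test never exercises.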

-----Original Message-----
From: Mehmet Buyukozer [mailto:mbuyukozer () gmx co uk]
Sent: 17 September 2003 20:13
To: security-basics () securityfocus com
Subject: penetration tester advice


Hi all, I don't know if I am sending this mail to the wrong list, but my problem
is: I need some advice for a penetration test. Some of our clients wanted us
to do a penetration test for them. I am already familiar with Nessus, but they
wanted to be tested with different applications for scanning. Can you give me
the names which are your favourite? Thanks in advance.

