RE: Small Network Pen Testing

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Rocky
Sent: Friday, November 03, 2006 9:27 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Small Network Pen Testing

Hi List,

I have clients that have fewer than 30 computers and
3 servers running and a couple of Cisco devices/WAP.
I installed their Cisco devices, router/switches & WAP, but
they wanted me to pen test their network and I did,
using purely nmap.

Is there any simple and precise method for pen testing
a small network?

No :-)

Are you talking EXTERNAL penetration testing? (i.e., hack the flag?) Are
you talking about vulnerability assessments? (list ALL possible
vulnerabilities, i.e., PCI compliance type testing). Are you talking
about doing this INTERNALLY? (checking password policies, security
policies, firewall EGRESS rules?, IOS levels on the Cisco, (WAP: you
mean they have a WAP->http gateway? Or WPA? They have wireless

At LEAST, run some freebie tools against it, like Nessus.

If the client is under some type of government regulation (HIPAA, GLBA,
SOX, FISMA, FERPA) then get a qualified vendor to do an onsite IT
security compliance audit.

Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation