RE: Small Network Pen Testing




-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Rocky
Sent: Friday, November 03, 2006 9:27 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: Small Network Pen Testing


Hi List,

I have clients that has only less than 30 computers and
3 servers running and a couple of cisco devices/WAP.
I installed their cisco devices,router/swithes & WAP but
they wanted me to pen testing their network and i did
using purely nmap.

Is there any simple and precise method for pen testing
small network?

No :-)

Are you talking EXTERNAL penetration testing? (ie: hack the flag?), are
you taking about vulnerabilities assessments? (list ALL possible
vulnerabilities, ie: PCI compliance type testing). Are you talking
about doing this INTERNALLY? (checking password policies, security
policies, firewall EGRESS rules?, IOS levels on the cisco, (WAP: you
mean they have a WAP->http gateway? Or WPA? They have wireless
(802.11/b/g))

At LEAST, run some freebie tools against it, like nessus
(www.nessus.org)

If client is under some type of government regulations (HIPAA, GLBA,
SOX, FISMA, FERPA) then get a qualified vendor to do an onsite IT
security compliance audit.
--
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Keep up to date with latest information on IT security:
Real time security alerts: http://www.secnap.com/news

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------