RE: network auditing
From: Meidinger Chris (chris.meidinger_at_badenit.de)
Date: 10/14/03
- Previous message: Roberto C. Torres A.: "about policy, standars ..."
- Maybe in reply to: cc: "network auditing"
- Next in thread: Lee Rich: "Re: network auditing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: 'cc' <cc@belfordhk.com>, Security Basics <security-basics@securityfocus.com> Date: Tue, 14 Oct 2003 19:14:32 +0100
look for the OSSTMM - Open Source Security Testing Methodology Manual - from
ISECOM's web site. That should give you a good start.
Chris Meidinger
-----Original Message-----
From: cc [mailto:cc@belfordhk.com]
Sent: Tuesday, October 14, 2003 12:20 PM
To: Security Basics
Subject: network auditing
Hi,
I was just reading the thread on the "NASA security Audit"
and felt that perhaps I should think of a way to audit
two networks that I'm in charge of.
I'm relatively new at security issues(esp. audits,
penetration tests, etc..) so perhaps someone could
clarify some questions.
Does one really need a certification in order to
do all this auditing? Right now, I'm learning
the whole security process on my own and as it
stands, it's quite overwhelming.
I have a firewall and an IDS set up(Just learnt not
too tell anyone what type..*grin*), so all I'm
interested in knowing is whether or not I can
drill through the firewall and make it such that
the attack is undetected.
Sure I can go out and ask people to test the
networks; but as far as I know, that's a very
stupid thing to do. (Am I correct?)
I've read about the 'blackbox' and 'crystal' tests
(from the NASA Audit thread) and would like to know
how I can apply those tests, especially what type
of tools required. (Or should I even bother?)
So far, (if someone can tell me if I've
gotten this concept of an audit right) I've
grasped that an external audit is as
follows:
1) Port scan the target network IP.
2) Get the list of open/closed ports are available
(probably just Open ports, right?)
3) For each port use a specific tool to gain
access (starting from a simple approach to
a more technically involved approach). ie.
ftp port use ftp.
4) if simple access isn't available (ie cannot
do any ftp password guessing either by
brute force or dictionary approach to
standard account names), then try using
particular vulnerabilities in that protocol
to attack/gain access to the system.
That's basically it, right?
Are there any particular books that I should take
a gander at?
Thank you for your help in understanding
this overwhelming topic.
---------------------------------------------------------------------------
----------------------------------------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Roberto C. Torres A.: "about policy, standars ..."
- Maybe in reply to: cc: "network auditing"
- Next in thread: Lee Rich: "Re: network auditing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
