RE: Vulnerability Assessment Checklists?

From: Shawn Jackson (sjackson_at_horizonusa.com)
Date: 12/02/03

    Date: Mon, 1 Dec 2003 16:37:29 -0800
    To: "Kim Clark" <kclark20001@hotmail.com>, <security-basics@securityfocus.com>
    
    

            Congrats on your Sec+, I wrote on the beta for that exam and it
    was well written, compared to some of the other CompTIA exams. I've
    never really used any checklists or templates when conducting a security
    analysis. I take a look at it from the perspective of how would I get
    into this network. Do I war-dial a modem bank, do I run NMap or Nessus
    against the external/DMZ hosts. Do I craft a virus/Trojan to open up a
    hole through the firewall for me, etc. I've done testing for some local
    credit unions and banks in my area and that approach has not failed me
    yet. You need to learn everything about how the company works plus how
    their infrastructure works. Some companies might not have modem banks,
    or even an Internet connection. Some may use leased lines and others
    dialup and others might not have a website. IMHO each company will have
    its own checklist and theory of operation.

            I conduct an 'attack' following these steps:
                    1.) Gather Information.
                            Get information from the client but also as if
    you did not have access to the Internal network. DIG the hostname, run
    traceroutes, whois the netblock, etc. Get some telco numbers from a
    phonebook or website and wardial a small chunk in the area, see if they
    own a small block for a PBX.
                    2.) Assess the network security.
                            Do they run firewalls network and host based?
    What services do they run (HTTP, FTP, SMTP, POP3, etc) what
    versions/vendors are those services and are they exploitable.
                    
                    3.) Assess the 'Human' Security.
                            How much do the people know and how much will
    they reveal. How large is the company and does everyone know everyone.
    I.e. some companies post a 'new to our team' adv. You can target the new
    person and usually get much more information out of them.

                    4.) Check for vulnerabilities.
                            Run NMap/Nessus against a target/test
    host/network. See what an automated scanner can tell you. Physical ones
    as well and IT ones. Is the copper exposed for a data line? Can you gain
    access to the servers? Are workstations locked when a user walks away,
    etc. Can a visitor see all the keys on a keyboard clearly?

                    5.) Test an attack.
                            Make sure you have the customer's permission
    before actually attacking the network, most of the time you never really
    need to make it to this point, minus a demonstration or a concept of
    operation.

            I hope any of this is helpful and good luck.

    Shawn Jackson
    Systems Administrator
    Horizon USA
    1190 Trademark Dr #107
    Reno NV 89521
    www.horizonusa.com
     
    Email: sjackson@horizonusa.com
    Phone: (775) 858-2338
           (800) 325-1199 x338

    -----Original Message-----
    From: Kim Clark [mailto:kclark20001@hotmail.com]
    Sent: Monday, December 01, 2003 2:46 PM
    To: security-basics@securityfocus.com
    Subject: Vulnerability Assessment Checklists?

    Hello,

    I've finished my Security+, and am almost through my Security Certified
    Network Professional training.

    I'm looking for some basic tips and resources (checklists or templates?) to
    do some vulnerability assessments because I just went to donate my
    services at a nonprofit job fair and got plenty of responses.

    Since I've never evaluated the security posture of a company before I could
    use some resources on how to best get started. They run the gamut from P2P
    to WANs. Of course, I want to give them some value while gaining valuable
    experience for my resume.

    Thanks in advance,

    Kim Clark
