Re: Starting Out

From: Drew Simonis (simonis@myself.com)
Date: Thu Aug 10 2006 - 23:31:53 EDT


Lyndon,
Your course has two possible paths. I'm not sure which one you want to take, maybe both. You mention keeping a network safe. From this, might the reader assume that you are interested in intrusion detection/prevention (techniques, not technology) and incident response, or are you interested in learning to do penetration tests to facilitate this safety?

If the latter, I would say, IMO, a penetration test might be a nice thing to do, but it isn't the best way to make a network safe. As an "insider", you have all the access you need to discover security vulnerabilities using traditional audit and vulnerability assessment methods. Tools to aid this include benchmark applications, such as those offered by CIS, as well as innumerable best practices guides for the various technologies you employ.

I'd start with these basics, and use a penetration test as a capstone. But, I don't think you can pen test your own network, that's cheating =)

If you want to learn the tools of the opposition to better detect their signatures if one were used against you in anger, the best place to start is with a packet analyzer and something like Metasploit. Look at the trace left by exploit attempts. This will help you notice their structure and spot false positive matches, which will be far more common in practice. Look at the results of an attack on a system using some of the analytical tools offered by Sysinternals; they can help you see what a rootkit, backdoor, trojan horse or keylogger looks like when it gets installed.

Some tools used commonly by penetration testers might not be used commonly by attackers, so keep that in mind. But, learn the methodology by reading things like the OSSTMM. Time tested tools like Nmap and Hping are good tools to test with. Once you get above the network layer and into the application space, tools like WebGoat will help you learn what can go wrong. Also learn about things like SQL injection, a fan favorite.

It is a big world to learn about, and takes patience and practice. Google will be your friend.

-ds

> ----- Original Message -----
> From: "Lyndon Barry" <lyndon.barry@d-a-p.net>
> To: pen-test@securityfocus.com
> Subject: Starting Out
> Date: Wed, 9 Aug 2006 22:22:57 +0100
>
>
>
> Hi,
>
> First post, so please be gentle.
>
> I'm a support engineer for a firewall developer, and part of my role
> involves keeping the network safe. The problem is, I don't know enough
> about penetration attacks to know what I should look for. I do have
> access to testbeds & test networks with which to practice, but I was
> hoping someone on here could point me to a good source of ethical
> information/tools in order to start getting the right knowledge.
>
> Any suggestions will be gratefully accepted.
>
> Lyndon
>
>
>
>
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com for details.
> ------------------------------------------------------------------------------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:40 EDT