RE: Small Network Pen Testing

From: Michael Scheidell (scheidell@secnap.net)
Date: Sat Nov 04 2006 - 08:42:12 EST


> -----Original Message-----
> From: listbounce@securityfocus.com
> [mailto:listbounce@securityfocus.com] On Behalf Of Rocky
> Sent: Friday, November 03, 2006 9:27 AM
> To: pen-test@securityfocus.com
> Subject: Small Network Pen Testing
>
>
> Hi List,
>
> I have clients that have fewer than 30 computers and
> 3 servers running and a couple of Cisco devices/WAP.
> I installed their Cisco devices, router/switches & WAP but
> they wanted me to pen test their network and I did,
> using purely nmap.
>
> Is there any simple and precise method for pen testing
> a small network?

No :-)

Are you talking EXTERNAL penetration testing? (ie: hack the flag?), are
you talking about vulnerability assessments? (list ALL possible
vulnerabilities, ie: PCI compliance type testing). Are you talking
about doing this INTERNALLY? (checking password policies, security
policies, firewall EGRESS rules?, IOS levels on the Cisco, (WAP: you
mean they have a WAP->http gateway? Or WPA? They have wireless
(802.11/b/g)))

At LEAST, run some freebie tools against it, like Nessus
(www.nessus.org)

If the client is under some type of government regulations (HIPAA, GLBA,
SOX, FISMA, FERPA) then get a qualified vendor to do an onsite IT
security compliance audit.

-- 
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: 
Real time security alerts: http://www.secnap.com/news 

