Advanced Network Infrastructure Assessment Questions....

From: Joseph McCray (joe@learnsecurityonline.com)
Date: Sat Jun 30 2007 - 10:25:02 EDT


I'm starting to do more and more network infrastructure assessment work
(specifically auditing Routers/Switches/Firewalls/VPNs/etc), and I'm
really looking to expand the scope of this service and make my audit as
thorough as possible.

Basically, the stuff that I'm hitting the hardest right now is SNMP,
TFTP, NTP, VPN PSK stuff, firewall leak testing, and of course weak
passwords/clear text protocols for network management.

My most commonly used tools right now are:

* nmap (obviously)
* nessus
* onesixtyone (and other SNMP tools)
* cisco-torch
* cge.pl
* ftester
* ike-scan (and other scripts)

Tools of interest for me are scapy and yersinia. I just really haven't sat
down and learned them, but I have read about them and played with them a
little (never on an audit though).

I'm looking for other things that I may be forgetting/neglecting. I'm
running into a lot more non-Cisco gear, so that is new for me (Extreme,
Foundry, Juniper, etc). So I'm looking for good general information that
will help me improve my audits in that area.

I'm specifically looking for more links on auditing NAC solutions (a
methodology that I could follow or at least point me in the right
direction). More stuff like this:

https://www.blackhat.com/presentations/bh-europe-07/Dror-Thumann/Presentation/bh-eu-07-dror-ppt-apr19.pdf
https://www.blackhat.com/presentations/bh-europe-07/Dror-Thumann/Whitepaper/bh-eu-07-dror-WP.pdf
...and Ofir Arkin's research on the subject
http://media.blackhat.com/presentations/bh-dc-07/Arkin/Presentation/bh-dc-07-Arkin-ppt-up.pdf

I'm also looking for people that are auditing things like 802.1x, and/or
doing 802.1x implementations in a hybrid network infrastructure (i.e.
Cisco, Extreme, Foundry, blah blah blah).

Let me know, guys... I could really use the help.

-- 
Joe McCray
Toll Free:  1-866-892-2132
Email:      joe@learnsecurityonline.com
Web:        https://www.learnsecurityonline.com
Learn Security Online, Inc.
* Security Games        * Simulators
* Challenge Servers     * Courses
* Hacking Competitions  * Hacklab Access
"The only thing worse than training good employees and losing them 
is NOT training your employees and keeping them." 
        - Zig Ziglar



