Remote pen testing simulation
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Remote pen testing simulation

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    130

    Remote pen testing simulation

    I have been asked to set up a test bed at my company to try and work out the feasibility of remote pen testing (using tools such as Cybercop, Nessus and Nmap). I am looking to acquire some sort of WAN emulator, hardware or software, not really sure at the moment. The test bed will be made up of Windows boxes (NT 4 and 2000) with the possibility of some flavour of Linux being used in the future. Anyone have any ideas of products that would fulfil this task ? Searching on Google so far has found products from Shunra, such as STORM and CLOUD, but not having any experience with them I am a bit hesitant to go and buy them on the say so of the manufacturer, call me a cynic if you like. Any help greatly appreciated people

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Why in the world would you need to emulate a WAN to do penetration testing? Security testing does not care what kind of circuit you are using. All you need to do is connect a machine on a switch outside your router/firewall or whatever you have, and run the tests from there. You will have exactly the same results as someone on the Internet scanning your network.

    Perhaps I am misunderstanding what you are asking?

  3. #3
    Member
    Join Date
    Mar 2002
    Posts
    84
    eggzacktamundo.

    WAN emulation devices are mainly used for testing latency/performance capabilites of products applications under "real" conditions.

    my .02 cents
    freedom is a road seldom traveled by the multitude

    freedom aint free

  4. #4
    Senior Member
    Join Date
    Feb 2002
    Posts
    130
    Well that is what I would have thought to be honest, but according to my boss, I know nothing and we need to be spending thousands of pounds on a pretty box with fancy lights, lol. I said you could just up the time that Cybercop will wait for packets, just depends how long you are willing to wait, they are convinced that something else magical is going to happen if they try and test across the WAN links thought I must have been missing something.

  5. #5
    Member
    Join Date
    Mar 2002
    Posts
    84
    if you are going to spend thousands...

    whay dont you engage in a consultant/security company to do the remote pen testing for you? They will be the best indicator of what you should be doing to hole up your network. Hope all works out for you (it could be worse, your boss could just say we have no money, so make do with what you've got)...

    I hear that at least 3 times a day.
    freedom is a road seldom traveled by the multitude

    freedom aint free

  6. #6
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Well, you have greater chances of success in things like UDP scans if you are closer to the destination. Since UDP is a 'best effort' protocol, UDP scanning can be highly unreliable because you can not be quite sure whether or not your packet was dropped by a filtering device or if it even made it there. A situation like this is about the only reason I can think of that would justify trying it over a WAN versus on a LAN...

    Why not just have the tests done from home or have the company purchase a DSL line for a little while...would be alot cheapr to buy a actual broadband connection for a little while than drop a bucket of money on the problem buying something to simulate it...

    Neb

    Arggh, meant to add that alot of the results that are obtained from cybercop and nessus are effected by the latency of the response, if the latency is high, it can result in false positives and false negatives...

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    130
    bombayofpigs :
    we are employing an external company at the moment but our department has been set up to try and take over their job. Problem is we have about 700 sites in the UK and about
    100 000 users, give or take a few. Works out quite expensive after a while with the contrators, trust me, I have seen their bill, it is enough to fund a small country for several years, lol.

    nebulus200:
    Can't really test from home, there are a number of resons for this which I can't really go into but basically we need to do it from the other side of the internet gateway, it will cuase massive problems otherwise. More false positives from Cybercop??? aghhhh, I mean, not that it gives many to start with, lol. Flase negatives though, sounds a bit more dangerous. So they delay could cause problems, guess if that is the only thing that will effect it, we may not need such an expensive piece of kit, there must be something much simpler that can simulate the delay.

  8. #8
    Member
    Join Date
    Mar 2002
    Posts
    84
    wow! that many users and sites...

    you are prolly going to need some help anyway. I can understand how much that would cost (I work for a security consulting company in the states, and man hours arent cheap). Good luck with the testing, ill throw in my 2 cents whenever i can.

    freedom is a road seldom traveled by the multitude

    freedom aint free

  9. #9
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Is it possible to order a DSL or broadband connection in ? I know several of our remote sites do this to test connectivity to their local web servers and the like....you could be sitting in your office but still be coming in from the internet...

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  10. #10
    Senior Member
    Join Date
    Feb 2002
    Posts
    130
    Yup plenty of sites i am afraid, all adding to the stress levels, lol. It would probably be against the law for me to get a DSL to my house from the network I am afraid, nice i dea though, like the way u r thinkin....i could work from my bed.. how cool is that ??

    Anyway, instead of getting a LAN simulator is there any software that coul just acount for the delay in the network then, if that is going to be the main problem??

    Thanks for your help everyone, this is the first post I have actaully put on here, depsite reding the posts for about 18 months. I didn't really want to get flamed like some of the other... but I suppose if you are gonna ask 'how do I hack hotmail' on a computer security site... well no comment

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •