Thread: Vulnerability Testing (from inside the network)

  1. #1
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152

    Vulnerability Testing (from inside the network)

    Hi all,

    My first post so please be gentle.

    I've just taken up a post as an Information security officer. It's not as purely technical as some of the security posts that others on AO have.

    My boss has asked me to look into ways to carry out vulnerability testing on our network, particularly the 2003 servers, but just to develop an ongoing program of network testing.

    At the moment it's just theory, extra reading and advice I'm looking for. There will be a test network set up to start with so that I don't cause mayhem on the live network but that will be into the new year.

    I'll probably be setting up a spare box at home just with a cross over cable to try things out there.

    I'm after any (other) recommended websites with articles/tutorials, any books worth reading.
    Any tools that would be useful for testing the network, both free/open source and commercial.
    Any general advice as to how you go about testing networks that you secure. Any company policies/procedures that your sysadmins follow on their networks to maintain a handle on vulnerabilities.

    I've been tinkering with Snort, Ethereal, GFI and a few others but only on my local machine or on the loop back.

    My background is in desktop support at a school but I also carried out some work on NT4 servers, 2000 servers and 2003 servers. I've also got a bit of Linux experience, Red Hat mostly.
    My programming is weak; I know ASP but I've no formal IT training. I used to be a biochemist but fell into IT a while back.

    Thanks in advance.

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    You may want to check out a tool called Nessus; also, thehorse13 wrote a very good tutorial on how to set it up.

    http://www.antionline.com/showthread...hreadid=247255

    Cheers:
    DjM

  3. #3
    Some books that might help you get started are:

    --Anti-Hacking Toolkit, Jones/Shema/Johnson, Osborne

    --Maximum Security, Anonymous, SAMS

    --Special Ops, Birkholz, Syngress

    --Hack Proofing Your Network, Syngress

    If you are budget-challenged, I use www.ComputerBooksDirect.com to get what I need. There are other lower-priced resources.

  4. #4
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004
    Posts
    258
    Get a live disk security distro of Linux like Knoppix STD or Phlak. They contain all the tools you need to penetration test ...

    Phlak -> http://www.phlak.org/modules/mydownloads/
    Knoppix Std -> http://www.knoppix-std.org/

    Check out the man pages for all the tools ...

    Best Of Luck ..


    PacketTHIRST

  5. #5
    Senior Member
    Join Date
    May 2002
    Posts
    256
    Try Sunbelt Network Security Inspector (SNSI) - works well for me.
    http://www.sunbelt-software.com/product.cfm?id=987
    Sex is like "Social Security". You get a little each month, but it's not enough to live on.

  6. #6
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    Until my company cut the funding, I thought Retina Security Scanner was awesome. Give it a google.

  7. #7
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Personally I use helix for both internal pen testing and incident response. It is a live CD based on Knoppix, meaning you need not install it to run it. Just boot from the CD and off you go. It can also be installed to a hard drive permanently if you wish.

    A good, quick read to get up and running with Linux security is Hack Notes, which only runs about 20 or 30 dollars, or about 10 used. You can't really go wrong for that price and it is a very good introduction to the "bare basics". Just be sure to get a recent version if you buy a used copy. They have a Windows edition as well, however I have not read it.

    A far more in-depth book I have used and loved is Maximum Linux Security, although it is written at a much more advanced level.

    As others have mentioned, there is no comparison to Nessus when it comes to vulnerability scanning. It scans both Windows and Linux machines (not sure about other OSes), and plugins for new exploits are usually available within hours, although they have recently moved to an activation model and started charging a substantial fee for immediate access to non-GNU licensed plugins. If your company has the resources to pay for the support it is certainly worth looking into.

    I would also try programs such as Ettercap and Dsniff. In any case, have a look at insecure.org's list of the top 75 security tools for some more ideas.

    Good luck in your new endeavors.

    --Striek
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  8. #8
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    Many thanks.

    Lots to be looking up and lots to learn which is good.

    I downloaded the ISO of Knoppix-STD last night and I'm going to have a tinker with that today.

  9. #9
    Did someone said Pizza :) FanacooL's Avatar
    Join Date
    Oct 2004
    Location
    Karachi , Pakistan
    Posts
    466
    OK, what I can suggest to you, with a little experience of mine, is this. The steps may not be in order; I hope you can arrange them yourself.

    1) First check that every O.S. has an updated service pack.
    2) Try scanning them with GFI LANguard Security Scanner... If you see any vulnerability, cover it with the available patch.
    3) See if all the guest accounts and other built-in accounts are disabled.
    4) Instead of Ethereal try Iris... it's a good sniffer... It will certainly help you in analyzing the traffic being generated by the nodes.
    5) Make sure all the passwords are strong.
    6) See whether a good antivirus is present and whether it's updated or not.

    Also take a look at these links: -

    http://www.stat.harris.com/index.asp
    http://www.secinf.net/uplarticle/1/wp-over-pentest.pdf

    Forgot to mention about this:
    http://www.securitydocs.com/
    An excellent place to search information about your topic...
    One machine can do the work of fifty ordinary men. No machine can do the work of one extraordinary man!
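
A read-only check of items 1, 3 and 5 from the list in post #9, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later with the CIM cmdlets and runs against the local machine only; the function name, output fields and service pack threshold are illustrative.

```powershell
# Added example: read-only audit of checklist items 1, 3 and 5 on the local host.
# Get-BaselineFinding and its output fields are illustrative names.
function Get-BaselineFinding {
    [CmdletBinding()]
    param(
        # Lowest acceptable service pack level; comes from your own baseline.
        [int]$MinServicePack = 0
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Helper that shapes one finding; its output flows to the caller's pipeline.
    function New-Finding($Check, $Detail) {
        [pscustomobject]@{ Computer = $os.CSName; Check = $Check; Detail = $Detail }
    }

    # Item 1: service pack level as reported by the OS itself.
    if ($os.ServicePackMajorVersion -lt $MinServicePack) {
        New-Finding 'ServicePack' "$($os.Caption) is at SP$($os.ServicePackMajorVersion), baseline is SP$MinServicePack"
    }

    # Items 3 and 5: local accounts only; domain accounts need a directory query.
    $accounts = Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount = TRUE'
    foreach ($a in $accounts | Where-Object { -not $_.Disabled }) {
        # Built-in Administrator (RID 500) and Guest (RID 501) keep their RID when renamed.
        if ($a.SID -match '-50[01]$') {
            New-Finding 'BuiltinEnabled' "$($a.Name) ($($a.SID)) is enabled"
        }
        # Password strength cannot be read back; these flags only show weak policy.
        if (-not $a.PasswordRequired) {
            New-Finding 'BlankAllowed' "$($a.Name) may have an empty password"
        }
        if (-not $a.PasswordExpires) {
            New-Finding 'NeverExpires' "$($a.Name) has a non-expiring password"
        }
    }
}

# 1 is a placeholder service pack level, not a recommendation.
Get-BaselineFinding -MinServicePack 1 | Format-Table -AutoSize -Wrap
```

An empty result means none of these three checks fired; it says nothing about items 2, 4 and 6, which need a scanner, a sniffer and the antivirus console respectively.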

  10. #10
    Junior Member
    Join Date
    Dec 2004
    Posts
    5
    Well, Retina is a good official tool for network vulnerability scanning, and it always has actual vulnerabilities...
