penetration testing
Results 1 to 7 of 7

Thread: penetration testing

  1. #1
    Junior Member
    Join Date
    May 2007
    Posts
    3

    penetration testing

    Hi everyone,
    I am new to this website so let me take this opportunity to say hi. I was wondering if some could tell me what areas of server 2003 could penetration testing examine?

    Cheers,
    prince_of_darkness

  2. #2
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Greetings,

    Here's where I stand with this post...

    A) You don't understand penetration testing and what it is
    B) You're post is poorly worded...

    I'm going to assume it's B...

    Penetration testing is the act of penetrating an asset... That asset could be: a person, a computer, a network or a company.

    If you were performing a penetration test against a single 2K3 server you'd be looking at gaining access to that system...

    What are you examining? Two things: i) Server Security ii) Server Configuration

    If I can't get access to the server I've only examined server security and I've found it to be "secure"... However if I gain access to the server, the context of the rights that I have and the permissions on the data I'm attempting to access determine if the configuration is sufficient...

    For example... a poorly formatted "text reader" on a website may allow me to read files on the computer outside the intended files...That's an insecurity... However proper configuration could limit the files I have access to, ensuring I can't access any corporate information.

    Beyond that it's really fair game...

    Generally in a penetration test against a system you are examining listening services... What ports are open, what's running on those ports, what can and can't I do with those ports...

    However you could go beyond that to exploiting another asset... the person responsible for the server... You could exploit a trust relationship that server has with another server...

    I think you need to better phrase your question.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Junior Member
    Join Date
    May 2007
    Posts
    3
    Hi HTREgz,

    Well I am quoting the question that was given to me at the interview as a part of a go home do assignment "show a logical breakdown of the areas of a system security penetration would examine in windows server 2003".
    Probably this may give you a better view on what I am asking for.

    cheers,
    prince_of_darkness

  4. #4
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Quote Originally Posted by prince_of_darkness
    Hi HTREgz,

    Well I am quoting the question that was given to me at the interview as a part of a go home do assignment "show a logical breakdown of the areas of a system security penetration would examine in windows server 2003".
    Probably this may give you a better view on what I am asking for.

    cheers,
    prince_of_darkness

    So you're doing an interview and you wnat us to answer your questions??? I'm done with this thread.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    I think that we are getting confused with the meaning of "interview" here

    I believe the correct phrase should be "pre-assignment briefing" for a University student's project.

    I would suggest that Google searches for "penetration testing", then "Windows 2003 server" and "vulnerabilities" would produce plenty of material to work on?

    Here is a white paper on vulnerabilities. It is not right up to the minute, but does contain some basic concepts regarding vulnerabilities:

    http://66.102.9.104/search?q=cache:y...ient=firefox-a
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #6
    Junior Member
    Join Date
    May 2007
    Posts
    3
    Quote Originally Posted by nihil

    I believe the correct phrase should be "pre-assignment briefing" for a University student's project.
    you are right nihil.

  7. #7
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004
    Posts
    258
    Hmm ... Buy yourself any one of these books and start reading

    http://www.amazon.com/Windows-Server...685263-1984957
    http://www.amazon.com/HackNotes-Wind.../dp/0072227850

    Cheers !

Similar Threads

  1. Penetration Testing Internship
    By kruptos in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: May 14th, 2006, 06:41 AM
  2. Vulnerability and Penetration testing
    By bAgZ in forum Network Security Discussions
    Replies: 15
    Last Post: February 11th, 2006, 10:02 PM
  3. New Book Coming Out on Penetration Testing: Thoughts?
    By genXer in forum Product / Book / Training / Conference Reviews
    Replies: 1
    Last Post: December 9th, 2005, 06:51 PM
  4. Demystifying Penetration Testing
    By mmkhan in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: October 28th, 2004, 04:47 PM
  5. Penetration Testing Tools
    By imported_Tek Weasel in forum Network Security Discussions
    Replies: 2
    Last Post: September 23rd, 2002, 09:44 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •