penetration testing

Printable View

May 12th, 2007, 03:48 AM
prince_of_darkness

penetration testing

Hi everyone,
I am new to this website so let me take this opportunity to say hi. I was wondering if some could tell me what areas of server 2003 could penetration testing examine?

Cheers,
prince_of_darkness
May 12th, 2007, 04:06 AM
HTRegz

Greetings,

Here's where I stand with this post...

A) You don't understand penetration testing and what it is
B) You're post is poorly worded...

I'm going to assume it's B...

Penetration testing is the act of penetrating an asset... That asset could be: a person, a computer, a network or a company.

If you were performing a penetration test against a single 2K3 server you'd be looking at gaining access to that system...

What are you examining? Two things: i) Server Security ii) Server Configuration

If I can't get access to the server I've only examined server security and I've found it to be "secure"... However if I gain access to the server, the context of the rights that I have and the permissions on the data I'm attempting to access determine if the configuration is sufficient...

For example... a poorly formatted "text reader" on a website may allow me to read files on the computer outside the intended files...That's an insecurity... However proper configuration could limit the files I have access to, ensuring I can't access any corporate information.

Beyond that it's really fair game...

Generally in a penetration test against a system you are examining listening services... What ports are open, what's running on those ports, what can and can't I do with those ports...

However you could go beyond that to exploiting another asset... the person responsible for the server... You could exploit a trust relationship that server has with another server...

I think you need to better phrase your question.
May 12th, 2007, 04:15 AM
prince_of_darkness

Hi HTREgz,

Well I am quoting the question that was given to me at the interview as a part of a go home do assignment "show a logical breakdown of the areas of a system security penetration would examine in windows server 2003".
Probably this may give you a better view on what I am asking for.

cheers,
prince_of_darkness
May 12th, 2007, 08:24 AM
HTRegz

Quote:

Originally Posted by prince_of_darkness

Hi HTREgz,

Well I am quoting the question that was given to me at the interview as a part of a go home do assignment "show a logical breakdown of the areas of a system security penetration would examine in windows server 2003".
Probably this may give you a better view on what I am asking for.

cheers,
prince_of_darkness

So you're doing an interview and you wnat us to answer your questions??? I'm done with this thread.
May 12th, 2007, 11:51 AM
nihil

I think that we are getting confused with the meaning of "interview" here ;)

I believe the correct phrase should be "pre-assignment briefing" for a University student's project.

I would suggest that Google searches for "penetration testing", then "Windows 2003 server" and "vulnerabilities" would produce plenty of material to work on?

Here is a white paper on vulnerabilities. It is not right up to the minute, but does contain some basic concepts regarding vulnerabilities:

http://66.102.9.104/search?q=cache:y...ient=firefox-a
May 12th, 2007, 12:41 PM
prince_of_darkness

Quote:

Originally Posted by nihil

I believe the correct phrase should be "pre-assignment briefing" for a University student's project.

you are right nihil.
May 12th, 2007, 05:40 PM
PacketThirst

Hmm ... Buy yourself any one of these books and start reading

http://www.amazon.com/Windows-Server...685263-1984957
http://www.amazon.com/HackNotes-Wind.../dp/0072227850

Cheers !