-
May 12th, 2007, 03:48 AM
#1
Junior Member
penetration testing
Hi everyone,
I am new to this website so let me take this opportunity to say hi. I was wondering if some could tell me what areas of server 2003 could penetration testing examine?
Cheers,
prince_of_darkness
-
May 12th, 2007, 04:06 AM
#2
Greetings,
Here's where I stand with this post...
A) You don't understand penetration testing and what it is
B) You're post is poorly worded...
I'm going to assume it's B...
Penetration testing is the act of penetrating an asset... That asset could be: a person, a computer, a network or a company.
If you were performing a penetration test against a single 2K3 server you'd be looking at gaining access to that system...
What are you examining? Two things: i) Server Security ii) Server Configuration
If I can't get access to the server I've only examined server security and I've found it to be "secure"... However if I gain access to the server, the context of the rights that I have and the permissions on the data I'm attempting to access determine if the configuration is sufficient...
For example... a poorly formatted "text reader" on a website may allow me to read files on the computer outside the intended files...That's an insecurity... However proper configuration could limit the files I have access to, ensuring I can't access any corporate information.
Beyond that it's really fair game...
Generally in a penetration test against a system you are examining listening services... What ports are open, what's running on those ports, what can and can't I do with those ports...
However you could go beyond that to exploiting another asset... the person responsible for the server... You could exploit a trust relationship that server has with another server...
I think you need to better phrase your question.
-
May 12th, 2007, 04:15 AM
#3
Junior Member
Hi HTREgz,
Well I am quoting the question that was given to me at the interview as a part of a go home do assignment "show a logical breakdown of the areas of a system security penetration would examine in windows server 2003".
Probably this may give you a better view on what I am asking for.
cheers,
prince_of_darkness
-
May 12th, 2007, 08:24 AM
#4
Originally Posted by prince_of_darkness
Hi HTREgz,
Well I am quoting the question that was given to me at the interview as a part of a go home do assignment "show a logical breakdown of the areas of a system security penetration would examine in windows server 2003".
Probably this may give you a better view on what I am asking for.
cheers,
prince_of_darkness
So you're doing an interview and you wnat us to answer your questions??? I'm done with this thread.
-
May 12th, 2007, 11:51 AM
#5
I think that we are getting confused with the meaning of "interview" here
I believe the correct phrase should be "pre-assignment briefing" for a University student's project.
I would suggest that Google searches for "penetration testing", then "Windows 2003 server" and "vulnerabilities" would produce plenty of material to work on?
Here is a white paper on vulnerabilities. It is not right up to the minute, but does contain some basic concepts regarding vulnerabilities:
http://66.102.9.104/search?q=cache:y...ient=firefox-a
-
May 12th, 2007, 12:41 PM
#6
Junior Member
Originally Posted by nihil
I believe the correct phrase should be "pre-assignment briefing" for a University student's project.
you are right nihil.
-
May 12th, 2007, 05:40 PM
#7
Similar Threads
-
By kruptos in forum Miscellaneous Security Discussions
Replies: 7
Last Post: May 14th, 2006, 05:41 AM
-
By bAgZ in forum Network Security Discussions
Replies: 15
Last Post: February 11th, 2006, 10:02 PM
-
By genXer in forum Product / Book / Training / Conference Reviews
Replies: 1
Last Post: December 9th, 2005, 06:51 PM
-
By mmkhan in forum Miscellaneous Security Discussions
Replies: 0
Last Post: October 28th, 2004, 03:47 PM
-
By imported_Tek Weasel in forum Network Security Discussions
Replies: 2
Last Post: September 23rd, 2002, 08:44 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|