Penetration Testing: Re: Internal pen-test

Re: Internal pen-test

From: <ddidier_at_netsecureia.com>
Date: 3 Jul 2008 09:29:22 -0000
Hello, Taras. As you pointed out, internal pen testing usually has more areas to test. Layer 2 and 3 areas need to be thoroughly tested. You mentioned ARP already - you should also consider testing for these types of issues:

DHCP snooping / starvation - DHCP snooping and starvation attacks can disrupt traffic flows by redirecting end systems to un-trusted gateways which capture all traffic. This allows for collection and manipulation of confidential data. This can be prevented in certain switch solutions which support DHCP spoofing and starvation controls.

VLAN Hopping - VLAN hopping can allow a user to access a VLAN, and the systems in that VLAN, which their system isn't currently a member of. This can circumvent security and network integrity in a number of ways. This is normally a problem because the default configuration type for VLAN interfaces is 'dynamic' in many vendor devices and allows VLAN hopping to occur.

CAM Overflow / MAC flooding - MAC flooding will flood a switch with packets in order to consume memory and cause the switch to enter fail-open mode, which causes the switch to flood all data out all ports. A packet sniffer can then be used to capture sensitive data which wouldn't normally be accessible. This can be prevented in certain switches by configuring MAC limits per port.

Spanning Tree Attacks - Spanning tree attacks have the ability to disrupt redundant layer 2 paths on the network, cause denial of service (DoS) attacks, and allow the attacker to see data he wouldn't normally be able to see.

Routing Protocol Authentication - Routing protocols control the overall flow of data through a network. It is a fairly simple task to hijack or inject false routes if proper security measures have not been taken. Adding authentication for routing devices and updates greatly reduces these threats.

Router / Switch Management Access - The ability to manage network devices, including, but not limited to, routers and switches, needs to be limited to discrete management systems. If possible, this should be a dedicated management network.

Hope this helps,

Dan Didier
http://www.NetSecureIA.com
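As an added example, not part of Dan's post, here is a Cisco IOS-style configuration showing the controls the list above says prevent these attacks: DHCP snooping with a rate limit on access ports, no trunk negotiation and an unused native VLAN, a per-port MAC limit, BPDU guard on access ports, MD5-authenticated OSPF updates, and SSH-only management restricted to a management subnet. Interface names, VLAN numbers, the management subnet and the OSPF key are constructed placeholders, and the equivalent features on other vendors' switches use different command names.

```cisco
! Added example (not from the original post): Cisco IOS-style hardening for
! the layer 2/3 issues listed above. Interface names, VLAN IDs, addresses and
! the OSPF key are constructed placeholders; command names vary by vendor.

! --- DHCP snooping / starvation: only the uplink may source DHCP replies,
!     and access ports are rate-limited so a DISCOVER flood cannot drain the pool
ip dhcp snooping
ip dhcp snooping vlan 10,20
! uplink toward the real DHCP server
interface GigabitEthernet0/1
 ip dhcp snooping trust
interface range GigabitEthernet0/2 - 24
 ip dhcp snooping limit rate 15

! --- VLAN hopping: no trunk auto-negotiation (DTP) on access ports, and an
!     otherwise unused native VLAN on the real trunk so no user VLAN is untagged
interface range GigabitEthernet0/2 - 24
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
interface GigabitEthernet0/1
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20

! --- CAM overflow / MAC flooding: cap learned addresses per access port
interface range GigabitEthernet0/2 - 24
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict

! --- Spanning tree: err-disable any access port that sends BPDUs
spanning-tree portfast bpduguard default
interface range GigabitEthernet0/2 - 24
 spanning-tree portfast

! --- Routing protocol authentication: OSPF area 0 with MD5-keyed updates
interface Vlan20
 ip ospf message-digest-key 1 md5 PLACEHOLDER-OSPF-KEY
router ospf 1
 area 0 authentication message-digest

! --- Management access: SSH only, and only from the management subnet
access-list 10 permit 10.99.0.0 0.0.0.255
access-list 10 deny any log
line vty 0 4
 access-class 10 in
 transport input ssh
```

After applying this, `show ip dhcp snooping`, `show port-security interface` and `show spanning-tree summary` confirm that the controls are actually active on the ports you expect.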

Received on Jul 03 2008
