Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: Internal pen-test

Re: Internal pen-test

From: Taras Ivashchenko <naplanetu_at_gmail.com>
Date: Mon, 7 Jul 2008 17:28:51 +0400

Hello, Durga!

As I think, these items is more usable for security audit, e.g. PCI
DSS audit. Not for pen-test...

Тарас Иващенко (Taras Ivashchenko) 

--
"Software is like sex: it's better when it's free.", - Linus Torvalds.
2008/7/3 Durga Prasad Adusumalli <asndpp_at_gmail.com>:
> Hi Taras,
>
> You could also include
>
> - AntiVirus presence and update checks
> - Screensaver settings
> - Desktop security measures like presence of firewall
>
> Regards,
> Durga Prasad.
>
> On Thu, Jul 3, 2008 at 12:31 AM, Ramiro Caire <ramiro.caire_at_gmail.com> wrote:
>> Hi Taras,
>>
>> There are many things to check. Some things that springs to mind are:
>>
>> - Access level on desktop PC
>> - Check the shares resources permissions
>> - Patch level on servers
>> - Wireless connections
>> - Sniffing
>> - Footprinting
>> - Physical security
>> - Internal ports on servers
>> - Check for unnecesary servers
>> - Unnecesary dial-up connections
>>
>> And much more...
>>
>> some useful links:
>> http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
>> http://www.penetration-testing.com/
>> http://www.securestate.com/Profiling/Pages/Internal-Pen-Test.aspx
>>
>> Regards
>> Ramiro
>>
>>
>>
>>
>> Taras P. Ivashchenko wrote:
>>>
>>> Hello, everybody!
>>>
>>> Is anybody made internal pen-tests?
>>> What is the difference between external pen-test and internal?
>>> As I think, in internal ARP spoofing, sniffing are possible, something
>>> more?
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Cenzic
>>
>> Top 5 Common Mistakes in Securing Web Applications
>> Get 45 Min Video and PPT Slides
>>
>> www.cenzic.com/landing/securityfocus/hackinar
>> ------------------------------------------------------------------------
>>
>>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
>
Received on Jul 07 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos