«

I am assigned to work with a team to perform a penetration testing to my
company. I know all the tools and methodologies. Nessus will be used to
scan ports from outside and internal.

For the scans from outside, should I start with the website IP? Or should I
have tools like NMAP to identify the gateway router IP and firewall IP and
then scan the open ports on both?

For the internal scan, what objects would be the most vulnerable? Servers?

I just want to be well-prepared and these questions definitely help.

Sherman H. wrote:
> I am assigned to work with a team to perform a penetration testing to my
> company. I know all the tools and methodologies. Nessus will be used to
> scan ports from outside and internal.
>
> For the scans from outside, should I start with the website IP? Or should I
> have tools like NMAP to identify the gateway router IP and firewall IP and
> then scan the open ports on both?
>
> For the internal scan, what objects would be the most vulnerable? Servers?
>
> I just want to be well-prepared and these questions definitely help.
>
>
nessus is your good start.

> For the internal scan, what objects would be the most vulnerable?
Servers?

If you take an academic approach to this, your "company"
will be penetrated easily. Your company employees will
set up every form of chat and message passing they can,
and you can talk jargon and "close" all the ports you
want, and it will mean nothing. The first place you should
start is with a good AV, allow list on browing, blocked
messaging programs, email filtering, and then, maybe,
a firewall. After that, if you are bored and have nothing
better to do, you can look at ports.

johns

"johns" <> wrote in message
news:ci1458$2el2$...
>
>> For the internal scan, what objects would be the most vulnerable?
> Servers?
>
> If you take an academic approach to this, your "company"
> will be penetrated easily. Your company employees will
> set up every form of chat and message passing they can,
> and you can talk jargon and "close" all the ports you
> want, and it will mean nothing. The first place you should
> start is with a good AV, allow list on browing, blocked
> messaging programs, email filtering, and then, maybe,
> a firewall. After that, if you are bored and have nothing
> better to do, you can look at ports.
>

Agreed, also consider the biggest vulnerability at the moment - allowing
employees to enter the business with USB data devices on their person.

I would start a vulnerability study by investigating existing software and
security policies, including fire, flood, backup and theft policy, then look
at external threats.

--
Apollo

On Sun, 12 Sep 2004 19:47:56 +0100, "Apollo"
<ian_dunbar6@hot[un-munge-me]mail.com> wrote:

>Agreed, also consider the biggest vulnerability at the moment - allowing
>employees to enter the business with USB data devices on their person.
>
>I would start a vulnerability study by investigating existing software and
>security policies, including fire, flood, backup and theft policy, then look
>at external threats.

USB devices are an issue if there is confidential information on the
computers that you do not want copied - otherwise and for most
companies its irrelevent.

Physical security is important and again it depends on the type of
company.

Knowing what is happening on the network and which ports are
open is also valuable as it can identify **** that is happening;
a good policy should prevent it getting to that stage.

In a supermarket you are concerned with the customers stealing
goods going out the front door and the staff out the back door
computers are much the same and as well management needs
to ensure they all act appropriatly before going out of the doors.
--
Jim Watt
http://www.gibnet.com

"Apollo" <ian_dunbar6@hot[un-munge-me]mail.com> wrote in message
news:...
>
> "johns" <> wrote in message
> news:ci1458$2el2$...
> >
> >> For the internal scan, what objects would be the most vulnerable?
> > Servers?
> >
> > If you take an academic approach to this, your "company"
> > will be penetrated easily. Your company employees will
> > set up every form of chat and message passing they can,
> > and you can talk jargon and "close" all the ports you
> > want, and it will mean nothing. The first place you should
> > start is with a good AV, allow list on browing, blocked
> > messaging programs, email filtering, and then, maybe,
> > a firewall. After that, if you are bored and have nothing
> > better to do, you can look at ports.
> >
>
> Agreed, also consider the biggest vulnerability at the moment - allowing
> employees to enter the business with USB data devices on their person.
>
> I would start a vulnerability study by investigating existing software and
> security policies, including fire, flood, backup and theft policy, then
look
> at external threats.

Hmm.. I would have said that the biggest vulnerability is that "b" work you
just used - or the lack of 'em.

Off-site too, in case of one of those catastrophic events, e.g. fire.

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
news:Qxg1d.376$...
> "Apollo" <ian_dunbar6@hot[un-munge-me]mail.com> wrote in message
> news:...
>>
>> Agreed, also consider the biggest vulnerability at the moment - allowing
>> employees to enter the business with USB data devices on their person.
>>
>> I would start a vulnerability study by investigating existing software
>> and
>> security policies, including fire, flood, backup and theft policy, then
>> look at external threats.
>
> Hmm.. I would have said that the biggest vulnerability is that "b" work
> you
> just used - or the lack of 'em.
>
> Off-site too, in case of one of those catastrophic events, e.g. fire.
>

Yes, I should probably have phrased that something like "one of the newest
serious threats to confidential material".

The B word should be taken more seriously than it usually is, hands up who
knows of someone who made regular backups and never tested them?

--
Apollo

In article <>, ian_dunbar6@hot[un-munge-me]
mail.com says...
> Agreed, also consider the biggest vulnerability at the moment - allowing
> employees to enter the business with USB data devices on their person.

Not just USB devices, Digital Camera's (memory cards), PDA - can steal
info, laptops, to connect via dial-up, etc...

--
--

(Remove 999 to reply to me)

In article <>,
_way says...
> USB devices are an issue if there is confidential information on the
> computers that you do not want copied - otherwise and for most
> companies its irrelevent.

Infected files, malarious content, etc... Not just theft of information
is at question here.

--
--

(Remove 999 to reply to me)

"Sherman H." <> wrote in
news::

> I am assigned to work with a team to perform a penetration
> testing to my company. I know all the tools and
> methodologies. Nessus will be used to scan ports from
> outside and internal.
>
> For the scans from outside, should I start with the website
> IP? Or should I have tools like NMAP to identify the
> gateway router IP and firewall IP and then scan the open
> ports on both?
>
> For the internal scan, what objects would be the most
> vulnerable? Servers?
>
> I just want to be well-prepared and these questions
> definitely help.
>
>
>

Not knowing the exact situation in your institution I'd say
that you should look into the possibility of using a NAS
server, at least for the data, with diskless workstations.
The manaagement of such an appliance is easier, as would be
security issues. This leaves the question of ports, which
can be managed with strong operating systems security
management.

NAS:: Network Attached Storage