Security Basics mailing list archives
Re: network auditing
From: cc <cc () belfordhk com>
Date: Wed, 15 Oct 2003 10:34:17 +0800
Hagen, Eric wrote:
Absolutely not. Many of the best hackers are not certified at all. Knowledge is the key. Make sure you inform and have permission from other network administrators, otherwise you could find yourself in hot-water for unauthorized penetration testing.
I'm very confident that I won't be doing Penetration testing on other systems. I know the legal issues involved and rather not have any 'legal' entanglements. :)
Well, being the network administrator, it would be impossible for you to "black box" test the network. However, any penetration testing you employ would be "crystal box" type tests.
Unless I do it at home(which isn't practical at the moment due to me still using a dialup). But perhaps my understanding of this 'black box' test isn't that correct. Why do you say it's 'impossible'?
Do it quietly. Port Scans are very "noisy" to IDS systems and likely to get you detected and blocked before you even attempt to access the network. Scan only those ports you're interested in. Do it very slowly and spread out the scan.
That seems quite logical. As it does take quite a bit of bandwidth.
I'm shy about dictionary/brute force attacks. They tend to set off alarms all over the place and make your tracks very hard to cover. Very few services are not logged anymore, especially if a host-based IDS is employed. At this point, sustained traffic to a single host may even set off a network-based IDS too.
Shouldn't most people by now should have logging enabled by default? Whether they look at the logs is another matter. just as long as they are logged.
For "Intrustion Testing" and "hacking", the BEST (I mean BEST) book I've ever seen is "Stealing the Network". It's fairly expensive and it's also technically fiction, but it explains in very clear words, the means by which attackers will try to compromise a network in a vareity of different situations. It tends to be very technical, written for network administrators, but it's a good one.
I'll check it out at the bookstore. I'm not entirely sure it'd be there and I do hope it's still in print?
For a more "textbook" and somewhat more basic book, try out "Hacking Exposed" I think there's a 4th volume out now...
I've seend these. There's the Windows Hacking exposed and the Linux one. I've flipped through them and they are quite 'bulky' and they seem to have lots of info. The question remains whether they are worth the $$$. I don't know what's going on but books seem to be getting more and more expensive, especially computer ones. Even a thin book can cost about 40 bucks US. Thanks for the help. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- network auditing cc (Oct 14)
- <Possible follow-ups>
- RE: network auditing Hagen, Eric (Oct 14)
- Re: network auditing cc (Oct 15)
- Re: network auditing Ansgar -59cobalt- Wiechers (Oct 16)
- Re: network auditing cc (Oct 15)
- RE: network auditing Meidinger Chris (Oct 14)
- Re: network auditing Lee Rich (Oct 15)
- RE: network auditing Hagen, Eric (Oct 16)