Security Basics mailing list archives
Re: network auditing
From: "Lee Rich" <lee.rich () wlga gov uk>
Date: Wed, 15 Oct 2003 10:06:52 +0100
One thing that a lot of people forget is that it's not just how well you implement security on your hardware/network, but how those legitimate users cope with security. I'm sure you've heard the phrase 'loose lips sink ships'. A major part of any attack will be to obtain access to the target system with valid credentials. Social Engineering is the phrase we're looking for.

You could have all the security holes under the sun and a firewall riddled with holes, but if the hacker can get a valid user/pass combo they won't even bother to 'hack' away and maybe flag themselves up.

Security is a field whereby you not only deal with your IT, but you educate the users of your IT on best practices and policies.

Also, don't just look at what ports are open, look at what kinds of access you have from outside. Does your system have a modem waiting on a phone line which you use for administration?

Think outside the box. (pun intended)

-Lee Rich
securirty () wlga gov uk

-----Original Message-----
From: cc <cc () belfordhk com>
To: Security Basics <security-basics () securityfocus com>
Sent: 14/10/2003 11:20
Subject: network auditing

Hi,

I was just reading the thread on the "NASA security Audit" and felt that perhaps I should think of a way to audit two networks that I'm in charge of. I'm relatively new at security issues (esp. audits, penetration tests, etc.) so perhaps someone could clarify some questions.

Does one really need a certification in order to do all this auditing? Right now, I'm learning the whole security process on my own and as it stands, it's quite overwhelming.

I have a firewall and an IDS set up (just learnt not to tell anyone what type... *grin*), so all I'm interested in knowing is whether or not I can drill through the firewall and make it such that the attack is undetected. Sure I can go out and ask people to test the networks; but as far as I know, that's a very stupid thing to do. (Am I correct?)
I've read about the 'blackbox' and 'crystal' tests (from the NASA Audit thread) and would like to know how I can apply those tests, especially what type of tools are required. (Or should I even bother?)

So far, (if someone can tell me if I've gotten this concept of an audit right) I've grasped that an external audit is as follows:

1) Port scan the target network IP.
2) Get the list of open/closed ports that are available (probably just open ports, right?)
3) For each port use a specific tool to gain access (starting from a simple approach to a more technically involved approach). i.e. ftp port use ftp.
4) If simple access isn't available (i.e. cannot do any ftp password guessing either by brute force or dictionary approach to standard account names), then try using particular vulnerabilities in that protocol to attack/gain access to the system.

That's basically it, right?

Are there any particular books that I should take a gander at?

Thank you for your help in understanding this overwhelming topic.
Current thread:
- network auditing cc (Oct 14)
- <Possible follow-ups>
- RE: network auditing Hagen, Eric (Oct 14)
- Re: network auditing cc (Oct 15)
- Re: network auditing Ansgar -59cobalt- Wiechers (Oct 16)
- Re: network auditing cc (Oct 15)
- RE: network auditing Meidinger Chris (Oct 14)
- Re: network auditing Lee Rich (Oct 15)
- RE: network auditing Hagen, Eric (Oct 16)