Security Basics mailing list archives
Re: Re: Pen-Testing New Server - Where to start?
From: adrian-lazar () hotmail com
Date: 14 Nov 2007 17:11:22 -0000
Assuming no information was provided about the new system, I use the following approach when pen-testing a new server in a new network:

1. Identify the purpose of the system. Is it a web, ftp, firewall, proxy, etc. system?
2. Identify location of system in remote network. Is it behind a firewall, router, load balancer, etc.?
3. Determine what public services are running on this system.
4. Based on #3, determine what OS this system runs.
5. Analyze DNS records - can you do a DNS zone transfer, is there any whois info available?
6. Based on the above steps, start focusing your efforts accordingly.

I hope this gives you an idea of where to start. For more info, have a look at Securityfocus' Pen-Test section and search other security websites.

Cheers,
Adrian