Penetration Testing mailing list archives
RE: Vulnerability assessment for small business
From: "Omar A. Herrera" <omar.herrera () oissg org>
Date: Wed, 28 Sep 2005 16:06:38 +0100
Hi Bill,
-----Original Message----- From: Billy Dodson [mailto:billy () pmicromart com] When doing a vuln assessment for a small business (25 PC's, no server) which is using a peer-to-peer windows network, how do you approach this? Say the customer has a firewall...but they don't host any services. All of the PC's have local usernames and passwords that vary from machine to machine. There is no one single administrator account across the board, and you have little time. So you cant run many automated tools to check patch levels and what not because you cant get remote access to the registry. There are no services to be tested from the outside. Do you manually go to each machine and test them individually? Of course you can run null scans on the LAN, but that is not going to provide the depth you need. Any ideas and pointers would be great.
You might just concentrate in 2 points: the firewall and the workstations. For the firewall you might try the standard tests to try to map the rules (which will actually be useful for the other tests). Most workstations do have some ports open, even if they should not be visible from the outside (e.g. ports 135, 137-139, 445 on Windows machines). So, from the outside, you would just make sure this is true. The main vulnerabilities for workstations that you could test for are their ability to run things that shouldn't be supposed to run (i.e. malware). To test this you should change the approach and see if things can run in these machines and from there jump to the internet (through their firewall). The best way to do this is to use some kind of Trojan horse that can establish and test reverse connections. You should really talk about this approach with your client and explain why this is a critical vulnerable point in many network. By using a custom made trojan horse you might be able to show your client that Antivirus and similar technology is not quite effective against targeted attacks. Just make sure that you made the TH yourself or have thoroughly (line per line) reviewed and tested anything that you will be running on your client's machines. Also testing the security from inside their network (i.e. to see what a malware that already was able to get in might be able to do) might be useful. Finally, you could also consider testing ways to install this TH in your client's computers from the outside (e.g. social engineering with email attachments) instead of just starting from the inside (you have to talk about this with your client). But make sure you will be testing the TH (i.e. if you can't find a way to get your TH into one of their machines in a reasonable amount of time, document your findings, but do test the TH from the inside with your client's consent). Regards, Omar Herrera ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Vulnerability assessment for small business Billy Dodson (Sep 28)
- Re: Vulnerability assessment for small business ctg (Sep 29)
- RE: Vulnerability assessment for small business Omar A. Herrera (Sep 29)
- <Possible follow-ups>
- RE: Vulnerability assessment for small business Jason Albuquerque (Sep 29)
- RE: Vulnerability assessment for small business Michael Gargiullo (Sep 29)
- RE: Vulnerability assessment for small business Josh Perrymon (Sep 29)
- RE: Vulnerability assessment for small business Andy Meyers (Sep 29)
- Re: Vulnerability assessment for small business email (Sep 29)