Penetration Testing mailing list archives
Re: Re: Security Review Template/Checklist
From: "Lee Lawson" <leejlawson () gmail com>
Date: Tue, 8 Aug 2006 08:50:18 +0100
Hi, A security review, in my opinion, would be a check of ALL information assurance security mechanisms. this would include a vulnerability assessment, penetration test (if they want someone to run exploits against their systems, most don't!), social engineering/physical security etc and a review of all policies and procedures they use to bolster their security - acceptable internet useage, password change policy etc. This would be very difficult to achieve in 5 business days, but that depends on the size of the client network. My definitions for the types of tests are: Vulnerability Assessment - Identification and verification of weaknesses with any system. This includes footprinting (DNS, whois, Google), scanning (TCP, UDP, ICMP), enumeration (LDAP, SNMP), automated vulnerability scanning (nessus, retina) and the manual verification of those vulnerability's (banner grabbing/version scanning for vendor/versions of services). Basically, everything short of running the exploit. Penetration test - All of the above and running the exploits. Password extraction/cracking. backdoors, anti-forensics etc. Can include social engineering and physical intrusion checks. All the fun stuff! Security Review - All of the above and a review of policies and procedures in place. What does the helpdesk do when somebody wants a password change? etc. Also includes a review of the 'Security Policy', the guiding document on all matters security. Then you have the internal testing phase, this also includes things like sniffing and other types of enumeration etc. Then you have web application assessments, a different kettle of fish! I work as a penetration tester in the UK, and we do not (by default) perform DoS or actual penetrations. This is not because we cannot do it, but because our clients (mostly government and large businesses) do not want to accept the risks associated with performing those types of actions. This means that we are limited to a 'deep' vulnerability assessment only! Anyway, those are my definitions. I'm not saying they are right, should be pretty close though! On 8 Aug 2006 03:56:24 -0000, one () two com <one () two com> wrote:
Hi All, Thanks to everyone who as responded so far. Some great suggestions. To give you all a little more information about what I am after ... I'm a full time pen tester but have been given a week to perform a "Security Review" (not a Pen Test, but not excluding a Pen Test!). What makes up the Security Review hasn't been defined to the client, and we currently don't have a framework to go by. Therefore, I have been given the job of determining what the "Security Review" should entail, given the time constraints of 5 business days. Currently I am not sure what type of systems the client has. Any other suggestions would be appreciated. Thanks, One2 ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
-- Lee J Lawson leejlawson () gmail com leejlawson () hushmail com "Give a man a fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." "Quidquid latine dictum sit, altum sonatur." ------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Security Review Template/Checklist one (Aug 04)
- Re: Security Review Template/Checklist Travis (Aug 04)
- Re: Security Review Template/Checklist David Eduardo Acosta Rodriguez (Aug 04)
- Re: Security Review Template/Checklist Francisco Pecorella (Aug 04)
- Re: Security Review Template/Checklist Bojan Zdrnja (Aug 04)
- <Possible follow-ups>
- RE: Security Review Template/Checklist William Woodhams (Aug 04)
- RE: Security Review Template/Checklist Bob Radvanovsky (Aug 04)
- RE: Security Review Template/Checklist Ralph Forsythe (Aug 04)
- RE: Security Review Template/Checklist William Woodhams (Aug 07)
- Re: Re: Security Review Template/Checklist one (Aug 07)
- Re: Re: Security Review Template/Checklist Lee Lawson (Aug 08)
- Re: Security Review Template/Checklist Hylton Conacher(ZR1HPC) (Aug 09)