Date:      Mon, 25 Sep 2000 10:05:16 +0300
From:      Yonatan Bokovza <Yonatan@xpert.com>
To:        "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org>
Subject:   RE: Penetration testing question....
Message-ID:  <00BF97DD9F3FD311AB860060084E50DD311C71@exchange.xpert.com>

> -----Original Message-----
> From: William Woods [mailto:bwoods2@uswest.net]
> Sent: Monday, September 25, 2000 7:55 AM
> To: freebsd-security@freebsd.org
> Subject: Penetration testing question....
> 
> 
> Please excuse me and point me in the right direction if this is not the
> best list (I suspect it isn't...)
> 
> I currently run FreeBSD at home and on my personal system at work. The
> company I work for is developing a security hardware/software solution for
> Windows and since I am the only person in the group with any type of *nix
> experience they have asked me to do some penetration tests. They said I
> could use any OS I want for my platform (I am going to use FreeBSD because
> I am most familiar with it, Linux is an option but I would rather
> stick with FreeBSD). They want me to get the most commonly
> used scanners (I am currently using SAINT and NMAP to test my
> personal LAN) and tools hackers use and test the devel systems for
> security.
So far, so cool.
> 
> Now since I am not into the "hacking and cracking" scene I am kind of at a
> loss here. I have what I consider to be 2 good scanners, SAINT and NMAP
> but as to other "tools of the trade" I am at a bit of a loss. Where would
> I go from here? Could you point me to a more relevant list at least?
/usr/ports/security/nessus* is a good general-purpose security scanner.
But you want to attack a unique software, and that's completely
different than looking for known vulnerabilities in a server.
Checking if a software is secure is a _wide_ topic.
Generally speaking, if the program utilises the network, see if it's
vulnerable to network attacks, or if it vulnerabify (hehe, "makes
vulnerable") the station it's installed on. If it's used on a server where
users have local access- see if a local user can take advantage of
it to cause havoc or elevate permissions.
Mail me off the list for more opinions.
> 
> Again, I apologize if this is not the best forum for this question, I
> realise it is for FreeBSD related questions, but I really didn't know
> where else to turn.
> 
> 
> Thanks,
> 
> Bill
> 
Sure,

Yonatan.

