Posted by Mikael on July 20, 2004, 11:12 am
> I am searching for what areas are tested for a regular penetration test done
> by a consultant. We are thinking about doing that by ourselves Info
> Security Team and would like to have a comprehensive listing of the scope.
> Any links are appreciated.
You can start out with checking information about firewall security,
like on http://www.grc.com. The holes first checked for, however, ought
to be responses from known trojans, a port scan to ensure
closed/stealthed ports and connectivity to system services.
Also, tests should be made to make sure that trojans (or a
home-written piece of code as a test agent) cannot penetrate the
firewall simply by using a trusted application acting as its traffic
courier. This of course requires the firewall to have the capability
to restrict outbound access from programs on the system/network
itself.
/Mike