
Advanced Network Infrastructure Assessment Questions....

To: pen-test@securityfocus.com
Subject: Advanced Network Infrastructure Assessment Questions....
From: Joseph McCray <joe@learnsecurityonline.com>
Date: Sat, 30 Jun 2007 10:25:02 -0400
I'm starting to do more and more network infrastructure assessment work
(specifically auditing Routers/Switches/Firewalls/VPNs/etc), and I'm
really looking to expand the scope of this service and make my audit as
thorough as possible.

Basically, the stuff that I'm hitting the hardest right now is SNMP,
TFTP, NTP, VPN psk stuff, firewall leak testing, and of course weak
passwords/clear text protocols for network management.

My most commonly used tools right now are:

* nmap (obviously)
* nessus
* onesixtyone (and other snmp tools)
* cisco-torch
* cge.pl 
* ftester
* ike-scan (and other scripts)

Tools of interest for me are scapy and yersinia. I just really haven't sat
down and learned them, but I have read about them and played with them a
little (never on an audit though).

I'm looking for other things that I may be forgetting/neglecting. I'm
running into a lot more non-Cisco gear, so that is new for me (Extreme,
Foundry, Juniper, etc.). So I'm looking for good general information that
will help me improve my audits in that area.

I'm specifically looking for more links on auditing NAC solutions (a
methodology that I could follow, or at least something that points me in
the right direction). More stuff like this:

https://www.blackhat.com/presentations/bh-europe-07/Dror-Thumann/Presentation/bh-eu-07-dror-ppt-apr19.pdf
https://www.blackhat.com/presentations/bh-europe-07/Dror-Thumann/Whitepaper/bh-eu-07-dror-WP.pdf
...and Ofir Arkin's research on the subject
http://media.blackhat.com/presentations/bh-dc-07/Arkin/Presentation/bh-dc-07-Arkin-ppt-up.pdf

I'm also looking for people that are auditing things like 802.1x, and/or
doing 802.1x implementations in a hybrid network infrastructure (i.e.
Cisco, Extreme, Foundry, blah blah blah).


Let me know, guys... I could really use the help.

-- 
Joe McCray
Toll Free:  1-866-892-2132
Email:      joe@learnsecurityonline.com
Web:        https://www.learnsecurityonline.com


Learn Security Online, Inc.

* Security Games        * Simulators
* Challenge Servers     * Courses
* Hacking Competitions  * Hacklab Access

"The only thing worse than training good employees and losing them 
is NOT training your employees and keeping them." 

        - Zig Ziglar
