Penetration Test

Guest

Archived from groups: comp.security.firewalls

I am searching for what areas are tested for a regular penetration test done
by a consultant. We are thinking about doing that by ourselves Info
Security Team and would like to have a comprehensive listing of the scope.
Any links are appreciated.
 
Guest


"Sherman H." <shung@charter.net> wrote in message news:<10fmh74puim7nb0@corp.supernews.com>...
> I am searching for what areas are tested for a regular penetration test done
> by a consultant. We are thinking about doing that by ourselves Info
> Security Team and would like to have a comprehensive listing of the scope.
> Any links are appreciated.


You can start out with checking information about firewall security,
like on http://www.grc.com
The holes first checked for, however, ought to be responses from known
trojans, a port scan to ensure closed/stealthed ports and connectivity
to system services.
Also, tests should be made to make sure that trojans (or a
home-written piece of code as a test agent) cannot penetrate the
firewall simply by using a trusted application acting as its traffic
courier. This of course requires the firewall to have the capability
to restrict outbound access from programs on the system/network
itself.
/Mike