I am developing software testing procedures for Penetration Testing tools downloaded from the Internet. Below is a list of the procedures I have developed so far. Please provide comments on areas needing improvements or the locations of other papers developed for this purpose. I am looking for suggestions on tools to use to monitor changes to the NT and 2000 registry and tools to look for malicious code signatures in source code and compiled programs. I will post combined information to this list and the white papers section of Security Horizon web page (www.securityhorizon.com) when complete.

1. Perform all testing on a closed private network.
2. Download tools with a non-administrator account (my opinion: you should not be surfing the web as an administrator anyway).
3. Virus scan the tool with the latest virus signatures.
4. Start with a standard baseline for the test machine. Things to know about the test system:
   a. Current service pack and patch level.
   b. Current open ports and active services.
   c. UNIX systems - all suid and sgid programs.
   d. List of all users and passwords for all accounts, including locked.
   e. List of all locked or disabled accounts.
   f. Vulnerability scan the system with your scanner of choice.
   g. Any suggestions on what else to document, look for, or use to establish and maintain a standard baseline.
5. All utilities used during the test should be run from a system other than the one with the tool in question.
6. Start a network monitoring tool before putting the tool on a system in the network.
7. Sneakernet the tool to the test network.
8. Unzip/untar files if needed and virus scan again.
9. Install and test run the tool.
10. Virus scan the test system.
11. Port scan the test system.
12. Vulnerability scan the test system.
13. Take another snapshot of the test system baseline and compare with the original results.
14. Let the system run for a few days (this will not catch all time or logic bomb code, but it's a start).
15. Uninstall the tool.
16. Virus scan the test system again.
17. Port scan the test system again.
18. Vulnerability scan the test system again.
19. Take a third snapshot of the test system baseline and compare with the previous results.
20. Review the logs generated by the network monitor.

Thanks in advance

bs
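The baseline snapshot and comparison in steps 4, 13 and 19 can be scripted. The following is an added example (not part of the original post, and not a tool the poster mentions) that hashes every file under a directory tree along with its mode bits, so that a later snapshot reveals files the tool added, removed or modified (including a changed suid/sgid mode). The demo builds a constructed tree in a temporary directory and simulates an install; the directory names and file contents are invented for the demonstration.

```python
"""Baseline snapshot of a directory tree and a diff between two snapshots."""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_tree(root):
    """Map each file under root (POSIX-style relative path) to (sha256, mode, size)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            st = p.lstat()  # mode includes suid/sgid bits (step 4c)
            snap[p.relative_to(root).as_posix()] = (hash_file(p), st.st_mode, st.st_size)
    return snap


def diff_snapshots(before, after):
    """Return the added, removed and modified paths between two snapshots."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in before.keys() & after.keys() if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline, then a simulated tool install, then compare."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "bin").mkdir()
        Path(root, "bin", "login").write_bytes(b"original binary")
        Path(root, "etc").mkdir()
        Path(root, "etc", "hosts").write_text("127.0.0.1 localhost\n")
        before = snapshot_tree(root)  # step 4 baseline
        # Changes a tool under test might make: replace a binary, add a
        # startup entry, delete a config file. Constructed, not real behaviour.
        Path(root, "bin", "login").write_bytes(b"replaced binary")
        Path(root, "etc", "rc.local").write_text("/opt/tool/agent &\n")
        Path(root, "etc", "hosts").unlink()
        after = snapshot_tree(root)  # step 13 snapshot
        return diff_snapshots(before, after)
```

Run the snapshot from a clean system or trusted media rather than the test host itself (step 5), and store the baseline off the test machine so the tool cannot alter it.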
This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 20:30:21 PDT