[PEN-TEST] Software Test Procedures Request for Assistance

From: Brian (bsshuhartat_private)
Date: Thu Apr 26 2001 - 15:34:07 PDT

Next message: Matthew Wagenknecht: "Re: [PEN-TEST] Websense bypass ?"

Previous message: Mike Sues: "Re: [PEN-TEST] Penetration of OWA servers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am developing software testing procedures for Penetration Testing tools
downloaded from the Internet.  Below is a list of the procedures I have
developed so far.  Please provide comments on areas needing improvements or
the locations of other papers developed for this purpose.  I am looking for
suggestions on tools to use to monitor changes to the NT and 2000 registry
and tools to look for malicious code signatures in source code and compiled
programs.

I will post combined information to this list and the white papers section
of Security Horizon web page (www.securityhorizon.com) when complete.

1.  Perform all testing on a closed private network.

2.  Download tools with a non-administrator account (my opinion: you should
not be surfing the web as an administrator anyway)

3.  Virus scan the tool with the latest virus signatures.

4.  Start with a standard baseline for the test machine.  Things to know
about test system.
    a. Current service pack and patch level.
    b. Current open ports and active services.
    c. UNIX systems - all suid and sgid programs.
    d. List of all users and passwords for all accounts including locked.
    e. List of all locked or disabled accounts.
    f. Vulnerabiltiy scan the system with your scanner of choice.
    g. Any suggestions on what else to document, look for, or use to
establish and maintain a standard baseline.

5.  All utilities used during the test should be run from a system other
than the one with the tool in question.

6.  Start a network monitoring tool before putting the tool on a system in
the network.

7.  Sneaker net the tool to the test network.

8.  Unzip/untar files if needed and virus scan again.

9.  Install and test run the tool.

10.  Virus scan the test system.

11. Port scan the test system.

12. Vulnerability scan the test system.

13. Take another snap shot of the test system baseline and compare with the
original results.

14. Let system run for a few days (this will not catch all time or logic
bomb code, but its a start)

15. Uninstall the tool.

16. Virus scan the test system again.

17. Port scan the test system again.

18. Vulnerability scan the test system again.

19. Take a third snap shot of the test system baseline and compare with the
previous results.

20. Review the logs generated by the network monitor.


Thanks in advance
bs

Next message: Matthew Wagenknecht: "Re: [PEN-TEST] Websense bypass ?"
Previous message: Mike Sues: "Re: [PEN-TEST] Penetration of OWA servers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 20:30:21 PDT