-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> It looks like I will need to do some penetration test for the organization
> I work for in the not-too-distant future. The problem is, I do not really
> know where to begin as far as what programs would be appropriate. The
> organization I work for is currently just a Microsoft shop with very few
> non-MS services/programs made available to the masses.

If you are new to the penetration testing arena (seems you are) it's best
to get an overview of what is entailed in real penetration tests. A good
place to start is the open source security testing methodology manual
located at:

http://www.ideahamster.org or http://uk.osstmm.org/osstmm.htm

This might be a bit too much information for a beginner but it is
definitely useful nonetheless. It should put things in perspective for
you. At the end of the day it comes down to understanding of the
methodologies you choose to employ and experience in doing so.

> And here begins my request... I was wondering if anyone on this list could
> give me recommendations of programs or websites that would be useful for
> someone (such as myself) who is creating a 'tool kit'. With the wide array
> of programs available, I'd like to avoid getting programs that are not up to
> par. commercial or non-commercial is fine.

The OSSTMM provides a listing of tools applicable to certain aspects of
performing a penetration test. Another useful source of consolidated tools
is located at:

http://www.networkintrusion.co.uk

Just to stress (as I am sure more followups will) a penetration test isn't
something as simple as running a few tools which are provided via open
source or indeed purchased from a commercial supplier. Still they are a
good place to start and will no doubt be useful as your own experience
increases.
I'm sure some people will argue that an effective penetration test should
be performed by a "professional" in that area, everyone has to start
somewhere (just make sure that your company understands that much at
least).

Good luck.

- --
Dave Ryan
Computer Incident Response Team
dave.ryanat_private
Eircom Multimedia

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjtfIKIACgkQHSjBCI+q2yIDGACfW1x4xeXy6b9ml1x8qk/PpLE7
DHUAnidPXMBsJXLYGDF0ihRKByVMUNVP
=8rQ3
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 16:07:57 PDT