Chapter 13. Penetrating UNIX, Microsoft, and Novell Servers


The world will not evolve past its current state of crisis by using the same thinking that created the situation.

Albert Einstein

In Chapter 12, "Using Trojans and Backdoor Applications," you learned about Trojans and other backdoor applications that you can use on your target hosts during a penetration test. This chapter covers other means of testing servers for vulnerabilities, and it covers exploits for the three most popular server operating system platforms: UNIX, Microsoft, and Novell.

No matter which server platform you are testing, you will probably begin with a vulnerability scanner. A vulnerability scanner probes your target host and checks what it finds against a database of vulnerability signatures. Thousands of known vulnerabilities exist, and it is impractical to expect a penetration tester to keep track of all of them; the scanner does that bookkeeping for you. You can think of it as penetration testing on autopilot.

These vulnerability databases are routinely updated from vulnerability sites such as http://cve.mitre.org and http://www.securityfocus.com/bid. The vulnerability scanner is only as good as its database, so make sure you update it routinely. Also remember that a vulnerability scan tests the system only at a point in time: if a vulnerability exists that is not in the database when you scan, you will be unaware of it. All parties involved in a penetration test should be aware of this fact and set their expectations accordingly. Penetration tests are helpful, but their results are accurate only for the point in time when the test was performed.

Other factors to consider are the cost and the intrusiveness of the scanner. Some scanners are free to use under the GNU General Public License (GPL). Others are commercial products licensed per IP address scanned and can cost thousands of dollars per engagement. This chapter introduces you to both open source (GPL) and commercial scanners.

The level of intrusiveness is a direct reflection of how much impact you are willing to have on a production machine. Some scanners include checks that perform denial-of-service (DoS) attacks against the target. Such checks, if successful, disrupt a production network and should be run only if you have written authorization to do so. Always run a vulnerability scanner in a closed lab environment first to learn how intrusive its checks are on a network; you do not want to launch a scan that performs a DoS attack you are not authorized to perform.
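The two caveats above (the scanner is only as good as its database, and intrusive checks must be held back unless authorized) are easiest to see in a toy scanner. The following Python is an added example, not code from the book or from any real scanner: it matches service banners against a small signature database, reports what an old database misses that an updated one catches, and withholds intrusive checks when safe checks are requested. Every signature ID (EXAMPLE-*), product name, version number and banner in it is constructed for the illustration and refers to no real advisory.

```python
"""Toy signature-based vulnerability scanner (added example, not from the book).

It mirrors what the chapter describes: collect service banners from a host,
compare them against a database of vulnerability signatures, and report the
matches.  Every signature ID (EXAMPLE-*), product name, version and banner
below is constructed for this example; none refers to a real advisory.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    sig_id: str       # hypothetical identifier; a real scanner would carry a CVE/BID
    banner_re: str    # regex over the banner; group 1 captures the version string
    fixed_in: tuple   # first version that is NOT affected
    intrusive: bool   # True if confirming the finding means an active DoS-style probe
    note: str


def parse_version(text):
    """'1.2.1' -> (1, 2, 1); tuples compare numerically, unlike strings."""
    return tuple(int(p) for p in text.split("."))


def scan(banners, database, safe_checks=True):
    """Match collected banners against the signature database.

    banners:     {port: banner string} as read off the target host
    database:    list of Signature
    safe_checks: when True, signatures tagged intrusive are reported as
                 skipped instead of being launched (they need written authorization)

    Returns (findings, skipped); both are lists of (port, sig_id).
    """
    findings, skipped = [], []
    for port in sorted(banners):
        banner = banners[port]
        for sig in database:
            m = re.search(sig.banner_re, banner, re.IGNORECASE)
            if not m:
                continue
            if parse_version(m.group(1)) >= sig.fixed_in:
                continue  # patched version, not affected
            if sig.intrusive and safe_checks:
                skipped.append((port, sig.sig_id))
            else:
                findings.append((port, sig.sig_id))
    return findings, skipped


# Constructed signature database as of the last update ...
DATABASE_OLD = [
    Signature("EXAMPLE-0001", r"ExampleFTPd[ /_-]v?(\d+(?:\.\d+)+)", (1, 2, 4), False,
              "overflow in FTP command parsing, fixed in 1.2.4"),
    Signature("EXAMPLE-0002", r"ExampleHTTPd[ /_-]v?(\d+(?:\.\d+)+)", (2, 0, 2), True,
              "malformed request crashes the daemon; the check is a live DoS probe"),
]

# ... and after an update that adds one newly published signature.
DATABASE_UPDATED = DATABASE_OLD + [
    Signature("EXAMPLE-0003", r"ExampleSSHd[ /_-]v?(\d+(?:\.\d+)+)", (3, 0), False,
              "authentication bypass, fixed in 3.0"),
]

# Constructed banners standing in for what a scanner would read from the target.
HOST_BANNERS = {
    21: "220 ExampleFTPd 1.2.1 ready",
    22: "SSH-2.0-ExampleSSHd_2.9",
    25: "220 ExampleSMTP 4.1 ESMTP",   # no signature covers this service
    80: "Server: ExampleHTTPd/2.0.0",
}

if __name__ == "__main__":
    for label, db in (("old database", DATABASE_OLD), ("updated database", DATABASE_UPDATED)):
        found, held = scan(HOST_BANNERS, db, safe_checks=True)
        print(f"{label}: findings={found} skipped_intrusive={held}")
    # Only with written authorization would you let the intrusive check run:
    print("all checks enabled:", scan(HOST_BANNERS, DATABASE_OLD, safe_checks=False))
```

Against the old database the SSH daemon on port 22 is reported clean, not because it is patched but because no signature for it exists yet; the same host scanned with the updated database produces a second finding. The HTTP daemon on port 80 matches a signature whose confirmation is a DoS probe, so with safe checks on it is listed as skipped rather than tested, which is exactly the behaviour you want to verify in a closed lab before pointing a scanner at production.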


Penetration Testing and Network Defense
ISBN: 1587052083
Year: 2005
Pages: 209