qwertyop Posted February 22, 2009 Share Posted February 22, 2009 I currently work as a Junior Network Admin and I would like to do a full security audit / penetration test but I dont know where I should start. Does anyone know about any tools that I should be looking at besides Backtrack? I would like find a guide listing the steps needed. Quote Link to comment Share on other sites More sharing options...
vector Posted February 22, 2009 Share Posted February 22, 2009 check elcomsoft. i have the whole security suite. youll find some good tools there. Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted February 22, 2009 Share Posted February 22, 2009 What are you auditing? Id start with a whole network topography then look at exit points and then systems. Depending on what you want to audit you are going to generally critic your methodology. So with a unix server I am not going to go about it the same way i would with a windows server. There is alot of work involved and if you are in a high risk company then i would suggest employing a professional. One any note you shouldn't test on production server. Always test on images or at least have full backups on hand in case you accidental the whole network. Quote Link to comment Share on other sites More sharing options...
qwertyop Posted February 22, 2009 Author Share Posted February 22, 2009 I really just want to make sure that all the vulnerabilities are patched Quote Link to comment Share on other sites More sharing options...
Sparda Posted February 22, 2009 Share Posted February 22, 2009 I really just want to make sure that all the vulnerabilities are patched You can't patch a user... Quote Link to comment Share on other sites More sharing options...
shonen Posted February 22, 2009 Share Posted February 22, 2009 You can't patch a user I would like to nominate Sparda for the best comment of the day award! LOL Quote Link to comment Share on other sites More sharing options...
SamjackBlade Posted March 2, 2009 Share Posted March 2, 2009 Before I started using tools I would make sure the systems you are responsible for are up to well established benchmarks. You can find some good ones at http://www.cisecurity.org/bench.html Then move onto verification tools/scanners. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.