Security Audit Help

[qwertyop]

I currently work as a Junior Network Admin and I would like to do a full security audit / penetration test but I dont know where I should start. Does anyone know about any tools that I should be looking at besides Backtrack? I would like find a guide listing the steps needed.

[vector]

check elcomsoft. i have the whole security suite. youll find some good tools there.

[DingleBerries]

What are you auditing? Id start with a whole network topography then look at exit points and then systems. Depending on what you want to audit you are going to generally critic your methodology. So with a unix server I am not going to go about it the same way i would with a windows server. There is alot of work involved and if you are in a high risk company then i would suggest employing a professional.

One any note you shouldn't test on production server. Always test on images or at least have full backups on hand in case you accidental the whole network.

[qwertyop]

I really just want to make sure that all the vulnerabilities are patched

[Sparda]

I really just want to make sure that all the vulnerabilities are patched

You can't patch a user...

[shonen]

You can't patch a user

I would like to nominate Sparda for the best comment of the day award! LOL

[SamjackBlade]

Before I started using tools I would make sure the systems you are responsible for are up to well established benchmarks. You can find some good ones at http://www.cisecurity.org/bench.html Then move onto verification tools/scanners.