network penetration test

Hi All,

  I have taken a basic course about backtrack, i would like to run a simple pen test in my network and prepare a simple reports, can someone guide me with some tools to do that.

Thanks
LVL 1
ITMaster1979Asked:
Who is Participating?
 
Rich RumbleSecurity SamuraiCommented:
Get permission from your CSO or other such high ranking officer. Since this is your first time, you should not do it against your production (in use) network. Use a test area, quality assurance or development environment if possible. Since you've had a course you should know how to begin, and you can do several types of scans with several different tools. Some scan's can use good credentials, usernames/passwords that are allowed to connect to your machines and get information like patches etc... Other scan's try to get you that same access without good or known usernames and passwords, these scan's can be very intrusive and take down a box or two if your not careful.
http://www.backtrack-linux.org/wiki/index.php/Basic_Usage
http://www.backtrack-linux.org/wiki/index.php/Autoscan
-rich
0
 
Fred MarshallPrincipalCommented:
Well, since you've already taken a course then it's a little hard to decide what to tell you.

How about this:
http://www.backtrack-linux.org/wiki/index.php/Basic_Usage
0
 
btanExec ConsultantCommented:
This has quite a sample for report...need not be all but minimally the risk assessment pertaining to the discover asset and exposure should be advised in the report. Importantly the recommendation in the report as that is the call to action. Focus on the technologies not vendor solution.

http://www.pentest-standard.org/index.php/Reporting

What differentiate form penetration testing and vulnerability testing need to be understood well...running tools does the minimal ;)
0
 
madunixCommented:
I use Backtrack for vulnerability testing, beside that you could use
1.      Nessus (Linux if you can) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6.      MBSA (discutable) http://technet.microsoft.com/en-us/security/cc184923.aspx
http://en.wikipedia.org/wiki/BackTrack
http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.