Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


network penetration test

Posted on 2012-09-07
Medium Priority
Last Modified: 2012-10-15
Hi All,

  I have taken a basic course about backtrack, i would like to run a simple pen test in my network and prepare a simple reports, can someone guide me with some tools to do that.

Question by:ITMaster1979
LVL 26

Assisted Solution

by:Fred Marshall
Fred Marshall earned 375 total points
ID: 38379775
Well, since you've already taken a course then it's a little hard to decide what to tell you.

How about this:
LVL 38

Accepted Solution

Rich Rumble earned 375 total points
ID: 38380096
Get permission from your CSO or other such high ranking officer. Since this is your first time, you should not do it against your production (in use) network. Use a test area, quality assurance or development environment if possible. Since you've had a course you should know how to begin, and you can do several types of scans with several different tools. Some scan's can use good credentials, usernames/passwords that are allowed to connect to your machines and get information like patches etc... Other scan's try to get you that same access without good or known usernames and passwords, these scan's can be very intrusive and take down a box or two if your not careful.
LVL 65

Assisted Solution

btan earned 375 total points
ID: 38380327
This has quite a sample for report...need not be all but minimally the risk assessment pertaining to the discover asset and exposure should be advised in the report. Importantly the recommendation in the report as that is the call to action. Focus on the technologies not vendor solution.


What differentiate form penetration testing and vulnerability testing need to be understood well...running tools does the minimal ;)
LVL 25

Assisted Solution

madunix earned 375 total points
ID: 38446977
I use Backtrack for vulnerability testing, beside that you could use
1.      Nessus (Linux if you can) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6.      MBSA (discutable) http://technet.microsoft.com/en-us/security/cc184923.aspx

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

2017 was a scary year for cyber security.  Hear what our security experts say that hackers have in store for us in 2018.
Each password manager has its own problems in dealing with certain websites and their login methods. In Part 1, I review the Top 5 Password Managers that I've found to be the best. In Part 2 we'll look at which ones co-exist together and why it'…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question