Penetration test suggestion

Wanna to keep systems (e.g. windows servers) and network devices in security. Is there any good penetration test\ software recommend?
litmicAsked:
Who is Participating?
 
btanExec ConsultantCommented:
Quite a broad question. You probably received a bunch of tools. You may want to be explicit in the test case that you will want to prioritise on as the test coverage is wide. See this long list of categories
https://github.com/enaqx/awesome-pentest/blob/master/README.md
Do note the penetration test is not about just running tools. The basis for penetration testing execution covers mainly:
-Pre-engagement Interactions
-Intelligence Gathering
-Threat Modeling
-Vulnerability Analysis
-Exploitation
-Post Exploitation
-Reporting
The detailed technical list can be found here http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
0
 
Radhakrishnan RSenior Technical LeadCommented:
Hi,

Since you are looking for specific pen test for Windows based servers, you could tighten the application security (Your AV), security devices (hardware firewall) etc. Have a look at this link and see if you can capture the information what you were looking at https://www.coresecurity.com/content/penetration-testing


I was doing pen test for all of my web based servers (IIS) sometimes ago using https://www.ssllabs.com/

Hope this helps.
0
 
btanExec ConsultantCommented:
Most common test case is to check for yhe server hygiene level e.g. Patch level of security update, any services running esp those of SMB service (file shares) port 137,139, 445, any remote access service such as 389 and any application based services such as webdav, web servers, sharepoint, directory services etc. These are avenues to penetrate through using poorly protected account (using simple or no passwords).
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
TjnoNetwork AdministratorCommented:
Just give me your public IP address and your domain, I can perform some tests and report back to you :)
0
 
masnrockCommented:
You could use tools within Kali Linux
1
 
btanExec ConsultantCommented:
For author advice
0
 
btanExec ConsultantCommented:
For consideration since no further user inputs.
0
 
litmicAuthor Commented:
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.