I agree and also use Nessus scans from my windows nessus client
SOMETIMES...
I prefer the Auditor Live CD collection. I took this and modified it
like I needed with a HD install the re-packaged it into a live cd to
distribute to other auditors within our security company.
PHLAK is also a great Live CD.
Can you get to everything you need to if the Linux server is in the DMZ?
If you going to have a security machine I would recommend it totally
separate from installing SNORT because it will log all your scans and
return data unless you spend a LOT of time on configuration.
This will lead to false positives.
GTK should not be too bad is you install with apt-get or something like
that. But I would DEFINITELY recommend using Auditor or PHLAK then
installing to your hardrive because all the work of configuration and
dependencies are done for you.
In my opinion you cannot perform a full penetration test from a windows
machine. You just don't have the tools to be thorough. Sure you can run
a slow version of nmap with mixed results ... but you need to utilize
all the tools you can and also use something like OSSTM 2.0 to ensure
your looking at all the areas like SNMP, open shares, Vulnerability
testing, sniffing, so on.
You also need to look at Metasploit and Exploit Tree to actually exploit
some of these services.
I'm guessing your running everything on the inside of you ORG?
JP
-----Original Message-----
From: Steve McLaughlin [mailto:Steve.McLaughlin@aggreko.co.uk]
Sent: Monday, September 19, 2005 9:16 PM
To: Josh Perrymon; pen-test@securityfocus.com;
security-basics@securityfocus.com
Subject: RE: Windows XP SP2 and Security Tools
We have a Linux box on the perimeter. And I aggree that Linux works way
much better for anything. Im a Knoppix-STD fan myself. I like to run
nessus scan from my WIndows XP client though, which points to a Linux
box on VMware in the DMZ. I will have a look at PHLAK, we are also
having a look at Eeye products.
linux is giving me trouble with installing GTK+2.0 with all the
Libraries it requires that also require libraries.
I would really like to install cheops-ng and Nessus Client for Linux,
but this has been giving me grief with the new GTK+ trying when trying
compile it. I do love the idea of a Live Linux CD, but I dont thnk this
would work well for a 24/7 Linux box which will be running Snort, and
Nessusd.
Do you know of any installable Linux Distros which are all good to go
like Knoppix STD?
________________________________
From: Josh Perrymon [mailto:perrymonj@networkarmor.com]
Sent: Mon 19/09/2005 11:03 PM
To: Steve McLaughlin; pen-test@securityfocus.com;
security-basics@securityfocus.com
Subject: RE: Windows XP SP2 and Security Tools
Are you looking to do pen-testing from a Windows box????
If so I would disagree due to the RST issues and the stack issues.
I would install a Linux box or run a LIVE CD such as Auditor or PHLAK
for your assessments. This will give you all the tools you need for info
gathering, mapping the network , scanning with nessus, metasploit and
other tools.
I would only suggest using windows XP for running web application tools
such as Acunetix, WebInspect, AppSecure and others.
I don't find XP to be a good to for something you can do a LOT more
efficiently in Linux.
You could also run VMWare and run your tools for auditing from a virtual
machine. The only problem this will cause is with wireless auditing due
to the way drivers bind in Vmware/
Joshua Perrymon
Network Armor
-----Original Message-----
From: Steve McLaughlin [mailto:Steve.McLaughlin@aggreko.co.uk]
Sent: Monday, September 19, 2005 10:46 AM
To: pen-test@securityfocus.com; security-basics@securityfocus.com
Subject: Windows XP SP2 and Security Tools
Hi List,
We are currently in the stage of rolling out Windows XP SP2. I know that
this had some problems with winpcap a while back.
we use all the good open source security tools we can with windows, cos
its easier than putty to the linux box.
Des anyone know of any issues, or problems that SP2 may pose from what a
security pen-testing box is concerned.
Will it affect any Windows based security tools, or are there any other
issues it has from a security point of view?
Considering it is also my workstation, and hence we have to use windows
for it.
Thankyou in Advance,
Steve
Visit us at http://www.aggreko.com
Confidentiality Notice: This communication and any accompanying
attachments contain confidential information intended for a specific
individual and purpose. This communication is private and protected by
law. If you are not the intended recipient, you are hereby respectfully
notified that any disclosures, copying, forwarding or distribution, or
the taking of any action based on the contents of this communication is
strictly prohibited.
_____________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
______________________________________________________________________
Visit us at http://www.aggreko.com
Confidentiality Notice: This communication and any accompanying
attachments contain confidential information intended for a specific
individual and purpose. This communication is private and protected by
law. If you are not the intended recipient, you are hereby respectfully
notified that any disclosures, copying, forwarding or distribution, or
the taking of any action based on the contents of this communication is
strictly prohibited.
_____________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
