
Re: Please help ! need to check IIS volunrabilities.

Subject: Re: Please help ! need to check IIS volunrabilities.
Date: Tue, 23 Nov 2004 08:55:25 +0000
Hi Juan,

Don't worry, no one is perfect. You'll surely improve over time ;-)

Now to your question. Don't throw everything but the kitchen sink at the 
server. Usually one or two vulnerability assessment tools are more than 
enough, and Nessus (if kept up to date) is fairly reliable.
The questions you have to ask are different, for example (and in no 
particular order):

1) I'm running IIS, Apache, whatever, and Nessus reports problem XXXXX. Do 
I know how to verify whether this problem is true or a false positive? If it's 
true... do I know how to patch it?
2) How often do I update Nessus (main executable) and the NASL plugins?
3) Are my servers running any kind of web application that can be prone to 
other types of attacks? (Examples: password bruteforcing, SQL Injection, 
path/information disclosure, command execution, Java/ASP/whatever source 
code disclosure, etc)
4) Are there any OTHER avenues of attack other than the webservers? Other 
services? Other servers? Vulnerable network devices?
5) Is the configuration of the DMZ "watertight"? (In particular: 
connections STARTING in the DMZ must be forbidden).
6) Do a port scan to all machines/devices in the DMZ, deactivate anything 
that's not needed, and keep that information as your baseline
7) etc ;-)

You can combine Nessus with Nikto to help *a bit* with web application 
testing, if you're using one or more web apps, but the art of pen-testing 
web applications hasn't been automated, yet ;-)

Last words: start to learn and practice to BE a hacker. At least to think 
like one. Remember that hackers are not bad guys; it's just the bad press.
Cheers,

Miguel
aka Nekromancer
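Point 6 of the checklist above (port-scan the DMZ, switch off what is not needed, keep the result as a baseline) only pays off if later scans are actually compared against that baseline. The following script is an added example, not part of Miguel's reply or of any tool he names: it parses nmap's "grepable" output (`-oG`), which puts one `Host: ... Ports: ...` line per host, and reports new hosts, newly opened ports and ports that have disappeared. The two scan texts embedded in it are constructed sample data, not real results.

```python
"""Compare a fresh DMZ port scan against a saved baseline.

Added example (not part of the original thread). It assumes nmap's
grepable output format (-oG), in which each host appears on one line:
  Host: 10.0.0.5 ()  Ports: 80/open/tcp//http//, 443/open/tcp//https//
Both scan texts below are constructed samples, not real scan results.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: the baseline taken right after hardening the DMZ.
BASELINE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 10.0.0.5 ()  Ports: 80/open/tcp//http//, 443/open/tcp//https//
Host: 10.0.0.6 ()  Ports: 25/open/tcp//smtp//
"""

# Constructed sample: a later scan in which several things changed.
CURRENT_SCAN = """\
Host: 10.0.0.5 ()  Ports: 80/open/tcp//http//, 443/open/tcp//https//, 3389/open/tcp//ms-term-serv//
Host: 10.0.0.6 ()  Ports: 25/open/tcp//smtp//, 21/filtered/tcp//ftp//
Host: 10.0.0.7 ()  Ports: 22/open/tcp//ssh//
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/")

PortSet = Set[Tuple[int, str]]


def parse_grepable(text: str) -> Dict[str, PortSet]:
    """Map each host to the set of (port, protocol) pairs reported open.

    Ports in other states (closed, filtered) are deliberately ignored so
    that firewall noise does not show up as a change in the baseline.
    """
    hosts: Dict[str, PortSet] = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # nmap comment lines and anything unrelated
        ip, port_field = m.group(1), m.group(2)
        open_ports: PortSet = set()
        for port, state, proto in PORT_RE.findall(port_field):
            if state == "open":
                open_ports.add((int(port), proto))
        hosts[ip] = open_ports
    return hosts


def diff_scans(baseline: Dict[str, PortSet],
               current: Dict[str, PortSet]) -> Dict[str, List]:
    """Report what differs between the baseline and the current scan."""
    report: Dict[str, List] = {
        "new_hosts": [],      # (ip, sorted open ports) not in the baseline
        "missing_hosts": [],  # ip present in baseline but not scanned now
        "new_ports": [],      # (ip, port, proto) opened since the baseline
        "closed_ports": [],   # (ip, port, proto) open before, not now
    }
    for ip in sorted(set(baseline) | set(current)):
        before, after = baseline.get(ip), current.get(ip)
        if before is None:
            report["new_hosts"].append((ip, sorted(after)))
            continue
        if after is None:
            report["missing_hosts"].append(ip)
            continue
        for port, proto in sorted(after - before):
            report["new_ports"].append((ip, port, proto))
        for port, proto in sorted(before - after):
            report["closed_ports"].append((ip, port, proto))
    return report


def main() -> None:
    report = diff_scans(parse_grepable(BASELINE_SCAN),
                        parse_grepable(CURRENT_SCAN))
    for key, entries in report.items():
        print(f"{key}: {entries if entries else 'none'}")


if __name__ == "__main__":
    main()
```

On the constructed input the script flags a new host (10.0.0.7 with ssh exposed) and a new open port (3389/tcp on 10.0.0.5); the filtered FTP port on 10.0.0.6 is ignored on purpose. Each flagged item is something to explain or revert before the next baseline is saved.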
Juan B <juanbabi@yahoo.com>
22/11/2004 14:56

 
        To:     security-basics@securityfocus.com
        cc:     (bcc: Miguel Dilaj/PH/Novartis)
        Subject:        Please help ! need to check IIS volunrabilities.


Hi,

I'm a sysadmin new to security.

I want to scan all the web servers we have in the DMZ
for vulnerabilities. I check them with Retina and
Nessus.

What else should I check, and with which tool?

I AM NOT A HACKER!

Thanks!!