Proactive Pen-testing On A Shoe-string
By Taylor Gillespie
Expert Author
Article Date: 2010-08-30
Networking a machine, regardless of whether it is public-facing, means that the computer is allowing remote access to certain ports for certain services. Many personal computers, running either a Unix-like operating system or a Windows-based operating system, have networking and firewall defaults that need to be tightened.
Testing for penetration weaknesses is paramount on any LAN, whether to take preventive measures against inside jobs or, for public-facing machines, to guard against the world at large. Years ago, beyond the ubiquitous and wondrous Nmap and tcpdump, the go-to application for self-penetration testing was Nessus. It continues to thrive and is the A-one software suite for monitoring and testing the security of networked machines, for both legitimate and illegitimate purposes. Nowadays, with its yearly commercial subscription rates, Nessus is an option only for companies with considerable information technology budgets. Most small to mid-sized organizations cannot afford thousands per year on pure penetration and security testing. For those companies, several open source options exist to help test the vulnerability of networked machines.
First, there is the fork of the last open-sourced version of Nessus, the Open Vulnerability Assessment System (OpenVAS). Because it is a fork of Nessus, it retains and extends the Nessus core. Unfortunately, the last open-sourced version of Nessus was 2.2, so OpenVAS does not contain the major changes made to Nessus in version 3 and above. Fortunately, for most small offices, OpenVAS supplies a vast number of features for checking and double-checking the major vulnerabilities, and because it uses the Nessus protocol, it is compatible with Nessus.
Another option for small networks is NeXpose Community Edition from Rapid7. It supports up to 32 Internet Protocol (IP) addresses. It is a nice security suite to try if your network is small enough, because it provides most of the major features of its commercial version. NeXpose also has tight integration with other popular security tools such as Metasploit.
Metasploit, also managed by Rapid7, should be part of any security vulnerability test suite. It makes testing machines against the most common and newest exploits easy: developers publish "pluggable" exploit modules for whatever vulnerability you want to test for. Rapid7 has also recently been driving the development of w3af, which specifically targets vulnerabilities in web applications, so look for closer integration of w3af in the future.
Remember: being a smaller IT organization with a minimal budget does not excuse you from proper vulnerability testing. Nmap will forever be your friend, but there are many other options and open-source tools to help make sure your system setup is secure and up to date against the common vulnerabilities.
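As an added example (not from the article, and not part of any tool it names), the script below turns Nmap into a cheap, repeatable baseline check: it parses Nmap's grepable (-oG) output for a constructed two-host LAN and reports any open TCP port that a hypothetical approved baseline does not allow, any expected service that has gone missing, and any host the baseline knows nothing about. The sample scan, host names and baseline are all constructed assumptions.

```python
import re

# Constructed sample of Nmap grepable (-oG) output for two LAN hosts; not real scan data.
SAMPLE_GNMAP = """\
# Nmap 5.21 scan initiated (constructed sample)
Host: 192.168.1.10 (fileserver)\tStatus: Up
Host: 192.168.1.10 (fileserver)\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///, 3306/open/tcp//mysql///\tIgnored State: closed (997)
Host: 192.168.1.20 (www)\tStatus: Up
Host: 192.168.1.20 (www)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/open|filtered/tcp//http-proxy///\tIgnored State: filtered (996)
"""

# Hypothetical approved baseline: the TCP ports each host is supposed to expose.
BASELINE = {"192.168.1.10": {22, 445}, "192.168.1.20": {22, 80, 443}}

# One -oG port entry looks like port/state/protocol/owner/service/rpc/version/
PORT_RE = re.compile(r"(\d+)/([^/]+)/([^/]+)//([^/]*)/")

def parse_gnmap(text):
    """Return {ip: {(port, proto, service), ...}} for ports reported 'open'.
    Ambiguous states such as 'open|filtered' are deliberately left out."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split()[0]
        hosts.setdefault(ip, set())
        for port, state, proto, service in PORT_RE.findall(fields.get("Ports", "")):
            if state == "open":
                hosts[ip].add((int(port), proto, service))
    return hosts

def audit(hosts, baseline):
    """Compare the scan with the baseline: open ports the policy does not allow,
    expected services that are missing, and hosts the policy knows nothing about."""
    findings = {}
    for ip in sorted(hosts.keys() | baseline.keys()):
        seen = {port for port, _, _ in hosts.get(ip, set())}
        allowed = baseline.get(ip, set())
        unexpected, missing = sorted(seen - allowed), sorted(allowed - seen)
        if unexpected or missing:
            findings[ip] = {"unexpected": unexpected, "missing": missing}
    return findings

if __name__ == "__main__":
    for ip, result in audit(parse_gnmap(SAMPLE_GNMAP), BASELINE).items():
        print(ip, result)  # 192.168.1.10 {'unexpected': [3306], 'missing': []}
```

Run a real scan with `nmap -oG scan.gnmap <your hosts>` and feed the file's contents to `parse_gnmap` in place of the constructed sample; ports in the `unexpected` list are the ones to close or add to the baseline deliberately.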
About the Author:
Taylor is a Staff Writer for WebProNews