RE: Vulnerability assessment for small business

From: Michael Scheidell (scheidell@secnap.net)
Date: Sun Oct 02 2005 - 17:18:55 EDT


> -----Original Message-----
> From: Billy Dodson [mailto:billy@pmicromart.com]
> Sent: Tuesday, September 27, 2005 5:34 PM
> To: pen-test@securityfocus.com
> Subject: Vulnerability assessment for small business
>
>
>
>
> When doing a vuln assessment for a small business (25 PC's,
> no server) which is using a peer-to-peer windows network, how
> do you approach this? Say the customer has a firewall...but
> they don't host any services. All of the PC's have local

Client already failed. Without a central policy manager, they have no
hope at all of locking out a future ex-employee.

First thing to do is convince them to get that issue resolved.

Other than that, even without a central username, password, you could
run nessus, and metasploit on it and you WILL come up with lots of
reasons to move toward central policy management.

Hydra with smb support or smbbf could check each local machine for weak
passwords.

You might also specify that you will conduct individual scans on several
'sample' systems, locally, on the machine. Run Microsoft security
baseline analyzer.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:01 EDT