Pen Test » Intro

It is most meet we arm us 'gainst the foe;
For peace itself should not so dull a kingdom,
Though war nor no known quarrel were in question,
But that defences, musters, preparations,
Should be maintain'd, assembled and collected,
As were a war in expectation.
Therefore, I say 'tis meet we all go forth
To view the sick and feeble parts of France.


- William Shakespeare
Henry V


Penetration test. Vulnerability assessment. Ethical hacking. Security audit. A rose by any other name would smell as sweet to the packet sniffer? To be sure, each of these phrases has a subtly different meaning in the security audit arena. However, many of us use these terms interchangeably.

Whatever name we give it, we're testing the security of our own networks (or a customer's network, with their express written permission). It is analogous to breaking and entering in order to test a home security system. Current and former students will recall my oft-repeated admonishments against trespassing. For those of you who have not attended my classes, here's the short version: Don't trespass. It's illegal. Worse, it's uncivilized. Were you raised by wolves?

That said, I thoroughly encourage you to try out pen testing. Collected here are my reviews of various pen testing tools, grouped by usage. Enjoy! For the sake of brevity, I will not cover formal audit strategies, concepts or procedures in great detail. It's mostly just tech breakdowns and tool reviews here.

I have categorized this pen testing section of the website according to the traditional phases of an audit. Recon first, then active attack, then covering tracks. This conforms to most formal pen testing methodologies, although I must say that it also has the virtue of being the pragmatic approach. You want to use the earlier phases of a pen test as a springboard to the more complicated phases.

Some of the tools that I have reviewed here are exceedingly user-friendly. You can run these point-and-click tools with only a rudimentary knowledge of how they work. I think that using the simplest, most human-friendly security tools is better than doing nothing at all. Therefore, if some tools look too complicated, please use the simpler tools. You can learn how to use the more complicated tools later on. Once you understand the underlying tech, you will be able to truly grok what the tool is doing. Go on, have a look under the hood. Here is an opportunity to learn, a mystery to be unraveled. Not sure where to start? This is the most logical learning path:

  • First, learn how computers function. Hardware, OSes, services, security.
  • Then learn how networks function. Hardware, protocols, routing, delivery methods.
  • Learn to program at least a little. Python or Java... and maybe C++ and Perl.
  • Set up a test lab.
  • Practice with these pen testing tools until you understand how they work.
  • Analyze the data you collect until you understand what the data signifies.
  • Modify and customize these pen testing tools to suit your needs.
  • If necessary, write your own scripts, tools and utilities.
  • Learn about pen testing methodologies.
  • Learn how pen testing fits into the overall security strategy.
  • Learn about formal auditing procedures.

Pen testing relies more on problem-solving skills than knowing what button to push. Being creative and alert will serve you well. You do need to have a certain level of computing know-how, but much can also be learned from non-traditional sources such as game theory, Sun Tzu, pattern recognition systems and even Agatha Christie mysteries.

You'll have an interesting time if you have a curious mind. It's like playing with a multi-dimensional Rubik's Cube that grows periodically. Even if you lack the time or energy to really delve into the intricacies of pen testing, at least utilize a few of the most user-friendly tools to help you beef up security on your network.

You'll want to run a vulnerability assessment on your network on a regular basis. This should supplement (not replace) your "Maintain, monitor and mitigate" security strategy. (Patch all your systems, keep yourself up-to-date on the latest exploits and security holes, and regularly monitor your event logs and IDS systems. Rinse and repeat.)

Now let's have a quick look at some cheap and easy ways to set up a test lab.



Next : Setting Up A Test Lab»

© Copyright 2005 - 2007 machinae
Send all communication to
webmaster at machinae dot com