- The Windows 2000\XP\.NET Resource Index
Home | About Us | Search

Last Updated December 16, 2003

Windows 2003
Windows 2000
Windows XP
Book Reviews
Career Tools
Device Drivers
Hardware Guides
MCSE Toolkit
Service Packs
  Articles & Whitepapers
  Books on Security
  Disaster Recovery
  FAQ's & Tutorials
  Incident Response
  Intrusion Detection
  Legal Resources
  Online Seminars
  Password Security
  Penetration Testing
  Security Links
  Securing Networks
  Social Engineering




Network Penetration & Vulnerability Testing

Finding holes in your system configurations before hackers do is an important, but often overlooked, process in securing your network. By using the same tools and methodologies hackers use, administrators can test their security procedures and discover vulnerabilities before they're exploited by someone else. To do it right, this testing requires a bit of planning, a small handful of tools, and good communication with the senior IT staff and management to make sure your efforts don't backfire on you. Many companies have dedicated internal "Tiger Teams" that perform these services for them on a regular basis, but there also several private companies that can conduct independent audits for you.
Where to Start
Penetration Studies © A Technical Overview
Penetration tests can be performed externally and/or internally. This paper takes the position of an unauthorized external user with no specific knowledge of the target network other then what is available via public information and what the malicious user can glean from the output of his tools and applications. (May 2002)

Penetration 101 © Introduction to becoming a Penetration Tester
The purpose of this paper is to give you a brief and basic overview of what to look for when starting out in penetration testing and to build up an internal penetration test kit to aid you in performing both internal and external penetration tests on your company network. To also make you aware of the problems with new network technology like wireless networks, and remote access devices that can circumvent network perimeter security devices like firewalls and IDS.  Whilst also showing you the pit falls of security, and the need to check all systems for vulnerabilities and to carry out regular patching and monitoring of all systems within your network.  This paper also lists suggested well known security penetration tools for both Linux and Windows operating systems. Source: (May 2002)

Penetration Testing Exposed
Part three of our series on "Audits, Assessments & Tests (Oh, My)" explores penetration testing, the controversial practice of simulating real-world attacks by discovering and exploiting system vulnerabilities. Source: Information Security Magazine (September 2000)

Additional Articles

A Model for Peer Vulnerability Assessment
This paper proposes a model for ongoing assessment to be performed by the system administrators that includes testing and assessment in a non-threatening environment that provides added value of education for those performing the assessments. We will first examine existing methods of assessment, make the case for a peer assessment, explore the goals and benefits of a peer assessment, and outline a generic assessment model. Source: (December 17, 2001)

Fortifying Your Security Arsenal
Penetration testing is valuable for reality-checking your security procedures. But finding the right company to perform a penetration test isn't easy, and you have to work closely with the individual or company that performs the testing. Source: Network Magazine

Glossary of Vulnerability Testing Terminology
Several glossaries are available from different fields of expertice on the software engineering and information security. Yet, terminology used in the context of implementation level vulnerabilities has not stabilised. This document collects the relevant definitions from our main areas of interest. Terms are introduced with reference to the source. When multiple sources present the same details on a term, only one is usually noted. An attempt is made to preserve the form of definition used in the original source. The glossary with original wording and reference details has been found useful within the group, thus we are making it publicly available herein. Please do not refer to this glossary, the original source is preferred. Source: University of Oulu

Guidelines for Developing Penetration ©Rules of Behavior?
Regardless of the reason that draws the target organization to engage a ©tiger team? to simulate hacker network attacks, the penetration testing organization has many challenges in interpreting and delivering on the client©s requirements. Clearly, understanding the target organization's expectations is the most critical part of planning and implementing the penetration test. The penetration ©rules of behavior? document serves an important role in formalizing the results of the planning phase for the penetration test. Source: August 14, 2001)

Penetration Testing © Is it right for you?
The process of performing a penetration test is to verify that new and existing applications, networks and systems are not vulnerable to a security risk that could allow unauthorized access to resources. This paper will review the steps involved in preparing for and performing a penetration test. The intended audience for this paper is project directors or managers who might be considering having a penetration test performed. The process of performing a penetration test is complex. Each company must determine if the process is appropriate for them. Source: (March 20, 2002)

Penetration Testing: The Third Party Hacker
Companies expect third party vendors who perform penetration testing to be very honest with them, but this has proven not to be the case in every instance. Moreover, the risks associated with use of third-party testing organizations are somewhat different from those associated with the usual issues of penetration of the system from outside. This presentation is intended to help management make the right choice when outsourcing penetration testing. Source: (February 11, 2002)

What to demand from penetration testers
Any organization contemplating a penetration test should understand the serious issues surrounding the decision. The people championing the penetration test should also analyze their reasons for doing so; the introspection may be enlightening. Source:

Your First Penetration Test
Having an independent accounting firm perform a thorough audit of your organization©s financial records is customary; in fact, for a publicly held company, it?s required. In today?s connected society, it's equally important to conduct independent testing to assure that your organization's security policies adequately cover your assets (ahem) and are correctly implemented in your security systems. A penetration test or security audit provides an assessment of the vulnerabilities in your security. Moreover, a well-conducted penetration test, performed by a competent organization, will help you determine whether your operational practices, equipment, and policies are up to the task. Source: Corecom

Entire contents
© 1999-2003 and TechTarget
All rights reserved

This site and its contents are Copyright 1999-2003 by Microsoft, NT, BackOffice, MCSE, and Windows are registered trademarks of Microsoft Corporation. Microsoft Corporation in no way endorses or is affiliated with The products referenced in this site are provided by parties other than makes no representations regarding either the products or any information about the products. Any questions, complaints, or claims regarding the products must be directed to the appropriate manufacturer or vendor.