Pen testing

[AW]

Hi all, what tools can I use to do pen testing on out
external IP's (web servers, routers, firewall), I would
like to see hoe secure they are?

Thanks

AW

 

[Karl Levinson [x y] mvp]

Hi all, what tools can I use to do pen testing on out
external IP's (web servers, routers, firewall), I would
like to see hoe secure they are?

What you would be doing is probably better refered to as a vulnerability
assessment scan, since you will be relying on canned tools. You should
first make sure you've done an assessment internally, starting with
hardening configuration checklists and checking patches using MBSA etc.

http://securityadmin.info/faq.asp#harden
www.microsoft.com/technet/security
www.nsa.gov/snac
www.microsoft.com/mbsa

Any vulnerability assessment you do yourself from the outside is not as good
as a professional pen test and does not necessarily certify that a real
hacker could not easily get into your network. Some very basic tools you
might use for free are below.

http://securityadmin.info/faq.asp#portscan

Some tools you might consider that are not on the list include Nessus,
Knoppix-STD [which includes Nessus and other tools], and maybe easiest for
you, there's a free version of Nessus at www.tenablesecurity.com that runs
entirely on Windows.

 

[Enno Lenze]

Hi all, what tools can I use to do pen testing on out
external IP's (web servers, routers, firewall), I would
like to see hoe secure they are?

nessus will be good (www.nessus.org) and nmap for portscanning
(http://www.insecure.org/nmap/)

regards, enno