How To Pentest to our POC UTM appliance any help please.

[sitambokni]

Hi Gurus,

I have enough knowledge in Linux/Unix in security as well BUT I am new in BACKTRACK it was introduce to us from a IT Security organization here in PH. Right now were having a Proof of Concept for this UTM firewall i want to test this box how he handle attacks from the outside world. I want to test it for pentest, scanning, DOS and any exploits. Hope someone can guide me to link for How to's.

[phoenix910]

Well, for how to's, how bout checking in the "Tutorials & Guides" section on this forum first? Other than that, try searching for info. Key terms such as "exploits", "firewall testing", "port scan", "ssh attack", "metasploit", "dos", and research vulnerabilities in the UTM firewall, and if you are testing how it handles attacks from the outside, do not scan the box from inside the network, instead, gather your DNS and port information, and see what extra knowledge that would give you/the attacker, things like login names, possible passwords, company computers, etc. But obviously, being trained in security, you knew this already Right?

-Stephen

P.S., if you are familiar enough with Linux and Security stuff, all the tools are the same security tools that are in other linux distro's, so where's the trouble coming from? You obviously have permission to test this box from the outside, don't you

[imported_wyze]

Hi Gurus,

I have enough knowledge in Linux/Unix in security as well BUT I am new in BACKTRACK it was introduce to us from a IT Security organization here in PH. Right now were having a Proof of Concept for this UTM firewall i want to test this box how he handle attacks from the outside world. I want to test it for pentest, scanning, DOS and any exploits. Hope someone can guide me to link for How to's.

There isn't a single answer to your question. I'd think that some of the tests you would want to run would be some to try and identify the device / OS. If it's a stealthed device, run some tests to see if it actually is stealth from the outside world.

Try a Nessus scan, amap, nmap... etc.

If your good at Python and understand packet crafting, use Scapy.

There's also a nice big submenu in B|T's KDE menu titled 'Backtrack'. From their you will find the tools well organized and most if not all have man pages. Each tool's use / syntax is also a Google away in most cases.

[thorin]

How can your company build a firewall and not know how to test it?

Even if you don't know how to test it why not just put it bare butt on the internet and some IDS sensors or traffic capture devices around it and see what happens. If it falls over then you'll know what came in and made it cack.

[neos2k1]

I would say that the firewall should be tested by a different company(person). There would be a conflict of interests if the people that developed the firewall are those who are also performing the testing.

[thorin]

I would say that the firewall should be tested by a different company(person). There would be a conflict of interests if the people that developed the firewall are those who are also performing the testing.

I'd assume we're talking the last step in their internal testing, which would be done before they send it out to be tested by a third party or publication reviewer(s). Lets call it embarrassment avoidance testing It'd suck to send something out to reviewers just to find out that it didn't actually work.

[phoenix910]

And sometimes inside knowledge helps. I.e. you get a disgruntled ex employee who already knows possible usernames, which is more than a third party would know, so testing it yourself can be an advantage.

-Stephen