
Thread: How To Pentest to our POC UTM appliance any help please.

  1. #1
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    1

    How To Pentest to our POC UTM appliance any help please.

    Hi Gurus,

    I have enough knowledge in Linux/Unix and in security as well, BUT I am new to BACKTRACK; it was introduced to us by an IT Security organization here in PH. Right now we're having a Proof of Concept for this UTM firewall, and I want to test how this box handles attacks from the outside world. I want to test it for pentest, scanning, DOS and any exploits. Hope someone can guide me to links for how-tos.

  2. #2


    Well, for how-tos, how about checking in the "Tutorials & Guides" section on this forum first? Other than that, try searching for info. Key terms such as "exploits", "firewall testing", "port scan", "ssh attack", "metasploit", "dos", and research vulnerabilities in the UTM firewall. If you are testing how it handles attacks from the outside, do not scan the box from inside the network; instead, gather your DNS and port information, and see what extra knowledge that would give you/the attacker: things like login names, possible passwords, company computers, etc. But obviously, being trained in security, you knew this already, right?

    -Stephen

    P.S. If you are familiar enough with Linux and security stuff, all the tools are the same security tools that are in other Linux distros, so where's the trouble coming from? You obviously have permission to test this box from the outside, don't you?

  3. #3
    Jenkem Addict imported_wyze
    Join Date
    Jul 2007
    Posts
    1,543


    Originally Posted by sitambokni
    Hi Gurus,

    I have enough knowledge in Linux/Unix and in security as well, BUT I am new to BACKTRACK; it was introduced to us by an IT Security organization here in PH. Right now we're having a Proof of Concept for this UTM firewall, and I want to test how this box handles attacks from the outside world. I want to test it for pentest, scanning, DOS and any exploits. Hope someone can guide me to links for how-tos.

    There isn't a single answer to your question. I'd think that some of the tests you would want to run would be some to try and identify the device / OS. If it's a stealthed device, run some tests to see if it actually is stealth from the outside world.

    Try a Nessus scan, amap, nmap... etc.

    If you're good at Python and understand packet crafting, use Scapy.

    There's also a nice big submenu in B|T's KDE menu titled 'Backtrack'. From there you will find the tools well organized and most if not all have man pages. Each tool's use / syntax is also a Google away in most cases.
    dd if=/dev/swc666 of=/dev/wyze

  4. #4
    My life is this forum thorin
    Join Date
    Jan 2010
    Posts
    2,629


    How can your company build a firewall and not know how to test it?

    Even if you don't know how to test it, why not just put it bare butt on the internet with some IDS sensors or traffic capture devices around it and see what happens? If it falls over then you'll know what came in and made it cack.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Just burned his ISO
    Join Date
    Jul 2006
    Posts
    5


    I would say that the firewall should be tested by a different company (person). There would be a conflict of interest if the people that developed the firewall are those who are also performing the testing.

  6. #6
    My life is this forum thorin
    Join Date
    Jan 2010
    Posts
    2,629


    Originally Posted by neos2k1
    I would say that the firewall should be tested by a different company (person). There would be a conflict of interest if the people that developed the firewall are those who are also performing the testing.

    I'd assume we're talking the last step in their internal testing, which would be done before they send it out to be tested by a third party or publication reviewer(s). Let's call it embarrassment avoidance testing. It'd suck to send something out to reviewers just to find out that it didn't actually work.

  7. #7


    And sometimes inside knowledge helps. I.e., you get a disgruntled ex-employee who already knows possible usernames, which is more than a third party would know, so testing it yourself can be an advantage.

    -Stephen
