Just to add my 2c, or 2p - I'd suggest that perhaps you check out the Open Source Sec. Testing Methodology - www.osstmm.org
It'll tell you what you're missing out on =)

Wd

----- Original Message -----
From: "Jonas M Luster" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 20, 2002 2:20 AM
Subject: Re: pen-testing for soho-routers

> Quoting Albert Warnecke ([EMAIL PROTECTED]):
>
> > Then I find out, what my IP-address is and scan this IP with Nessus.
>
> Nessus will not tell you anything about a router's security. It'll
> tell you a lot about the presence of already known vulnerabilities,
> but nothing about how secure (or better, insecure) such a router is.
>
> > Is this a good idea that will yield relevant results? Did I miss something? Any
> > suggestions for improvements?
>
> You missed the pen-test side of it. Vulnerability enumeration is but a
> small part of the pie.
>
> It's - to mention something we are both familiar with :) - like
> running Nessus against a Zope server. Or, even worse, one of the other
> commercial products. None of them knows about Hotfixes - simply
> because Zope has such a small 'Marketshare' (it still rocks, though).
> How about weak passwords, predictable passwords, backdoors? Nessus does
> not address them, and was never meant to.
>
> Netopia, FlowPoint, Cayman, they all have and had their share of bugs
> and vulnerabilities, most of them undetectable through simple
> vulnerability enumeration but easily found through diligent research
> and a good portion of curiosity applied to common knowledge.
>
> Let me not be misunderstood here - Vulns found by Nessus are a serious
> concern, simply because they're the most likely ones to be found and
> exploited. There's gazillions of twelve-year-olds out there who have
> nothing better to do than run Nessus against random netblocks after
> school, but that's only a small fraction of what pen-tests are all
> about.
>
> jonas
