We have configured the one rule in our Smoothwall firewall, and this has been the only filtering we have configured. While we would love to test from an external location and not have any filtering in place which would effectively give us a flat network, in reality, this will rarely be the case. Therefore, we want a minimal set of filters set in our architecture that will resemble something that we may see in typical network architecture. There is an important point to make here: if we run into a well-configured layered and protected architecture, we will only get through on the ports that they have to allow to ingress to their services. This is the reality of testing; a well-configured architecture will not offer many vectors for us outside of the ones they have to allow. Consequently, this is not a bad thing because we know there will be openings and we will virtually always have a web server and web applications to work with.
Building Virtual Pentesting Labs for Advanced Penetration Testing
By :
Building Virtual Pentesting Labs for Advanced Penetration Testing
By:
Overview of this book
Table of Contents (20 chapters)
Building Virtual Pentesting Labs for Advanced Penetration Testing
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Free Chapter
Introducing Penetration Testing
Choosing the Virtual Environment
Planning a Range
Identifying Range Architecture
Identifying a Methodology
Creating an External Attack Architecture
Assessment of Devices
Architecting an IDS/IPS Range
Assessment of Web Servers and Web Applications
Testing Flat and Internal Networks
Attacking Servers
Exploring Client-side Attack Vectors
Building a Complete Cyber Range
Index
Customer Reviews