One of the things that IT never seems to take seriously is securing systems. Whether the system can be reached over the Internet or sits on an internal-only network, security never seems to be taken seriously. It always feels like an afterthought.
One of the things you can do is to use some of the same tools that a cracker might use to gain access to your system. Then you’ll see what they would see. And if you see nothing and they’re using the same tools then they’ll see nothing and move on.
Just as in real life the objective is to make it hard enough so that they lose interest and move on to someone else.
When I used to do penetration testing we basically just set up and ran Nessus scans over the Internet. Then we’d produce a report and collect the cash for running an open source tool against their servers. Nessus ran nicely over an internal network but could take days when running over the Internet to a remote site. Didn’t matter. It did its job and found ways to penetrate a remote server and let me do things that I shouldn’t have been able to. Although I never did anything malicious, I always did have a signed contract in front of me allowing me to do so. Doing this kind of thing without the owner’s permission can get you into some serious legal hot water.
The techs on the other end usually knew it was coming and most were good-natured about it. A few got mad. Oh well. Such is life.
The big kid on the block is now Metasploit. And if you’re an old-time Nessus user such as myself, then you’ll be glad to learn that Metasploit can interface with nmap, Nessus, and a few other tools. It can also store things in a database if you need it to.
Metasploit is written in the Ruby programming language.
The good news, if you’re running Solaris 11, is that getting Metasploit installed and running is a very painless process. Running
pkg install runtime/ruby-18
as root or equivalent will get you the environment that you need to run Metasploit.
Then you just need to download the framework from:
and you’re set to go.
As with most software packages, getting it installed is the easy part. Getting it to do something useful is the hard part. The documentation that comes with Metasploit leaves a lot to be desired.
Rather than trying to reinvent the wheel, I’ll point you at some excellent documentation for how to use the framework.
Is an awesome book for learning the nuts and bolts of how to use the tool in front of you.
Syngress has their own book on this subject as well.
The one from No Starch tries to “future proof” you to changes in the user interface.
The types of exploits that it can scan for may change on a monthly, weekly, or even a daily basis. However, how you use the tool should be pretty static. And that’s what the book tries to teach you.
It also introduces you to the how. How does a browser attack work? How does a jiggered e-mail attachment work? Even if you have no desire to try to crack a system, you may gain insight into how it is done.
So the next step, if there is one, is up to you. Get a copy of the book and start reading. And then you’ll understand things that you did not understand before.