|
Domain controller penetration testing |
|
|
|
Written by Hans Straat,
Thursday, 08 June 2006
|
|
If you haven't performed a formal penetration test of your Windows domain controllers lately, then what better way to get your summer kicked off!? OK, it's not as relaxing as a day at the beach and won't be invigorating like a couple of hours on a personal watercraft, but it may prove to be interesting -- even downright entertaining. It's all in your perspective
Testing for security weaknesses in domain controllers isn't that much different from testing for security weaknesses in other Windows-based systems. The basic ethical hacking methodology of reconnaissance, enumeration, vulnerability discovery and vulnerability exploitation still applies. The big difference is that your servers may be protected by a firewall and thus not accessible from the public Internet. If you have a public IP bound to your systems or are running any publicly accessible services via network address translation or port forwarding, odds are something will crop up. read more
|
