Network Security

Question 24

What other approaches could be applied for vulnerability checks?

  • Other approaches could include Social engineering (per phone and on-site).
  • And trying to reveal poorly chosen shared secrets and passwords using brute force attacks.
  • How are data and servers protected fysically ?
  • Are the log files monitored, secured and set up correctly ?
  • Does the company have any recovery plans and have they tested their data backups.
  • We can also attempt to perform a 'Man-in-the-middle', flooding and Wi-Fi attacks.
  • Is paper maculated before leaving the building ?
  • How much information can be gathered by legally queyring public databases and telnet company servers ?
  • Does the IT department detect if a packet sniffer is installed ?