While at BT I attended the Internet Security Systems Ethical Hacker course .. I set up and trained in the use of pen testing machines using industry standard tools for use in BTs internet data centres. We used Nessus, Sam spade, iss scanner, nMap and other industry standard methods.
Testing for current significant vulnerabilities is undertaken as follows :-
Firewalls and Network security Testing ….
I am certified and experienced in Firewall design and configuration.
Experienced on Proxy Server configuration.
DNS security testing.
Protocol analysis and specialised port scanning for network mapping
Clear text password problem testing.
Routing and router insecurities.
SMTP header analysis.
SNMP MIB vulnerability analysis
Unix Platforms and
Microsoft Platforms (NT and Windows 2000) Testing ..
R command enumeration.
NFS exported directory enumeration.
X server detection.
FTP server vulnerabilities.
Web server vulnerabilities.
TFTP server vulnerabilities.
Banner grabbing vulnerabilities.
Samba shares vulnerabilities.
Netbios share vulnerabilities and enumeration.
User name enumeration through RID cycling.
User name and password testing.
IIS and NT Windows 2000 vulnerabilities.
Microsoft SQL server vulnerabilities.
NT trust relationship vulnerabilities.