Penetration Test Parameters Questionnaire

The test team is restricted to after-hours testing as follows: Light network scans Heavy network scans oint scan testing !enial-of-service testing "onfiguration audits #ar dialing [Yes/No] [Yes/No] [Yes/No] [Yes/No] [Yes/No] [Yes/No] [Time range] [Time range] [Time range] [Time range] [Time range] [Time range]

The test team has $een re%uested to follow additional guidelines while testing: [&'ecify any additional guidelines] IP Addresses List of ( addresses to $e tested: [List ( addresses and ranges to $e tested] &'ecific ( addresses targeted for 'oint scans "hosen $y client: [List ( addresses and ranges to $e tested] "hosen $y the test team: [List ( addresses and ranges to $e tested] &'ecific ( addresses to $e used for the )&* +)nter'rise &ecurity *anager, configuration audit "hosen $y client: [List ( addresses and ranges to $e tested] "hosen $y the test team: [List ( addresses and ranges to $e tested] Configuration Audit

Num$er of &ysLog &ervers: Windows 2000 Num$er of servers: ercentage of servers to $e tested: Num$er of workstations: ercentage of workstations to $e tested: Num$er of domain controllers: Sun Solaris Num$er of servers: ercentage of servers to $e tested: Num$er of workstations: ercentage of workstations to $e tested: Other UNIX Num$er of servers: ercentage of servers to $e tested: Num$er of workstations: ercentage of workstations to $e tested: VAX/VMS Num$er of servers: ercentage of servers to $e tested: Num$er of workstations: ercentage of workstations to $e tested: inu! Num$er of servers: ercentage of servers to $e tested: Num$er of workstations: ercentage of workstations to $e tested: Win2000 Num$er of servers: ercentage of servers to $e tested: Num$er of workstations: ercentage of workstations to $e tested:

[-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-] [-]

Other O"erating S#ste$s Num$er of servers: ercentage of servers to $e tested: Num$er of workstations: ercentage of workstations to $e tested: %irewalls .oundary firewall+s, ty'e: Num$er of $oundary firewall+s,: (nternal firewall+s, ty'e: Num$er of internal firewall+s,: Cr#"togra"hi& Anal#sis "lient has re%uested that the test team e-amine the design of the following cry'tosystems: [List cry'tosystems/ such as 0( system or ( &ec/ that have $een re%uested] Password Cra&'ing Windows 2000 &*. ca'ture 'asswords: 1etrieve from domain controller: .rute-force standard al'ha$et: .rute-force all characters: Time to run: No(ell NetWare .rute-force standard al'ha$et: .rute-force all characters: Time to run: UNIX .rute-force standard al'ha$et: .rute-force all characters: Time to run: inu! .rute-force standard al'ha$et: .rute-force all characters: [Yes/No] [Yes/No] [Yes/No] [Yes/No] [Hours/ u' to 23] [Yes/No] [Yes/No] [Hours/ u' to 23] [Yes/No] [Yes/No] [Yes/No] [Yes/No] [Hours/ u' to 23] [list] [-] [list] [-] [-] [-] [-] [-]

Time to run: Win2000 .rute-force standard al'ha$et: .rute-force all characters: Time to run: A""li&ation )!a$ination

[Hours/ u' to 23] [Yes/No] [Yes/No] [Hours/ u' to 23]

"lient has re%uested that the test team e-amine the source code of the following a''lications for vulnera$ilities: [List a''lications re%uested] War *ialing [List 'hone num$er ranges]