Tarabai, O. (2014):
A Penetration Testing Framework for the Munich Scientific Network
The Leibniz Supercomputing Center (LRZ) is mainly responsible for providing computational resources and operating the network backbone of the Munich Scientific Network (MWN). Since abuse complaints received from external networks are forwarded by the LRZ to the responsible local administrators, it is desired to provide the administrators with the ability to perform regular and on-demand network/security scans of their networks to reduce risks and minimize the administrative overhead performed by the LRZ. The goal is to design and implement a centralized scanning framework that can issue on-demand and periodic scans and implements common scan types such as port scanning and version detection while being easily extensible with new scan types. To evaluate the framework, we performed a large-scale SSH scan of the MWN and analyzed the results for some common SSH weaknesses such as duplicated and factorable cryptographic keys.