Gene made some very good points (as usual) but would just like to add
one other plus some personal perspective:
A "challenge" machine rarely needs to do any "real work". It is user
requirements that open most holes.
Periodically I am asked to do penetration testing. Invariably I pass up
such opportunities since IMNSHO they are a waste of time and dangerous
to boot. Several reasons for this:
a) the poor unsuspecting sysadmin is rarely on the distribution list.
b) the requestor often does not have authority over the machine in question
(and will rarely admit it)
c) some attacks will break things (and you never know what until after the
damage is done).
d) penetration testing is a lousy way to assess a system.
My idea of a proper assessment is to thoroughly survey a site from the inside,
map all systems, subnets, and nodes including sweeps of the telephone lines,
identify the crossing points, and study the access controls in place with an
in-depth examination of those systems responsible for enforcement of the
At the end of that time, no penetration testing is needed; you can identify
the holes and if the sysadmin/system owner wants to validate then, that is
their business (may help but they push the keys).
The fact is that one can tell far more from the system console of a Cisco
router than anyone can banging on it from the outside so why should one bother
except to verify that it works as advertised (one reason I read this list)
with anything else?
IMNSHO, anyone asking for penetration testing from the outside is either
cheap or ignorant. I can help with the second.
PS: of course, having a day job helps one remain objective 8*)