1st Edition

Managing A Network Vulnerability Assessment

    306 Pages 66 B/W Illustrations
    by Auerbach Publications

    The instant access that hackers have to the latest tools and techniques demands that companies become more aggressive in defending the security of their networks. Conducting a network vulnerability assessment, a self-induced hack attack, identifies the network components and the faults in policies and procedures that expose a company to the damage caused by malicious network intruders.

    Managing a Network Vulnerability Assessment provides a formal framework for finding and eliminating network security threats, ensuring that no vulnerabilities are overlooked. This thorough overview focuses on the steps necessary to successfully manage an assessment, including the development of a scope statement, the understanding and proper use of assessment methodology, the creation of an expert assessment team, and the production of a valuable response report. The book also details what commercial, freeware, and shareware tools are available, how they work, and how to use them.

    By following the procedures outlined in this guide, a company can pinpoint what individual parts of their network need to be hardened, and avoid expensive and unnecessary purchases.

    Introduction
    Information Security Lifecycle
    Network Vulnerability Assessment
    Do I Need to be a Technical Expert to Run an NVA?
    What Level of Skill Is Needed?
    Which Specific Skills Are Needed?
    Can One Person Run an NVA?
    Introduction to Vulnerability Assessment
    Goals of Vulnerability Assessment
    How Many Trees Should Die to Generate This Type of Report?
    What Are Vulnerabilities?
    Classes of Vulnerabilities
    Elements of a Good Vulnerability Assessment

    Project Scoping
    General Scoping Practices
    Developing the Project Overview Statement
    Developing the Project Scope
    Project Scope Document
    Project Scope Change
    Summary

    Assessing Current Network Concerns
    Network Vulnerability Assessment Timeline
    Network Vulnerability Assessment Team (NVAT)
    Threats to Computer Systems
    Other Concerns
    Additional Threats
    Prioritizing Risks and Threats
    Other Considerations
    Checklists
    Summary

    Network Vulnerability Assessment Methodology
    Methodology Purpose
    Definitions
    Justification
    Philosophy
    Top-Down Examination
    Bottom-Up Examination
    Network Vulnerability Assessment Methodology
    The NVA Process (Step-by-Step)
    Summary

    Policy Review (Top-Down) Methodology
    Definitions
    Policy

    Review Elements
    Summary

    Technical (Bottom-Up)
    Step 1: Site Survey
    Step 2: Develop a Test Plan
    Step 3: Building the Toolkit
    Step 4: Conduct the Assessment
    Step 5: Analysis
    Step 6: Documentation
    Summary

    Network Vulnerability Assessment Sample Report
    Table of
    Executive Summary
    Body of the NVA Report
    Summary

    Summary

    Appendixes
    ISO17799 Self-Assessment Checklist
    Windows NT Server 4.0 Checklist
    Network Vulnerability Assessment Checklist
    Pre-NVA Checklist
    Sample NVA Report
    NIST Special Publications
    Glossary of Terms

    Biography

    Thomas R. Peltier (Thomas R. Peltier Associates, LLC, Wyandotte, Michigan, USA) (Author), Justin Peltier (Thomas R. Peltier Associates, LLC, Wyandotte, Michigan, USA) (Author), John A. Blackley (Peltier & Associates) (Author)

    "Readers will find detailed definitions, thorough explanations, step-by-step procedures, and sample reports to guide them through a network vulnerability assessment (NVA). … [The book] is clear and easy to read, conveying the authors' outstanding grasp of the material. Despite the extremely detailed content, the presentation is not too technical or confusing. Numerous graphs, sample reports, and computer illustrations effectively support the text. … Of the many readers who would benefit from this work, security managers responsible for computer protection will learn how to conduct an NVA. IT professionals will benefit from the exposure to detailed security concepts and procedures. Finally, college instructors and students will find that the work serves as an excellent educational resource."
    - Security Management, Sept. 2004
