1st Edition
Managing A Network Vulnerability Assessment
The instant access that hackers have to the latest tools and techniques demands that companies become more aggressive in defending the security of their networks. Conducting a network vulnerability assessment, a self-induced hack attack, identifies the network components and the faults in policies and procedures that expose a company to the damage caused by malicious network intruders.
Managing a Network Vulnerability Assessment provides a formal framework for finding and eliminating network security threats, ensuring that no vulnerabilities are overlooked. This thorough overview focuses on the steps necessary to successfully manage an assessment, including the development of a scope statement, the understanding and proper use of assessment methodology, the creation of an expert assessment team, and the production of a valuable response report. The book also details what commercial, freeware, and shareware tools are available, how they work, and how to use them.
By following the procedures outlined in this guide, a company can pinpoint which individual parts of its network need to be hardened and avoid expensive and unnecessary purchases.
Information Security Lifecycle
Network Vulnerability Assessment
Do I Need to be a Technical Expert to Run an NVA?
What Level of Skill Is Needed?
Which Specific Skills Are Needed?
Can One Person Run an NVA?
Introduction to Vulnerability Assessment
Goals of Vulnerability Assessment
How Many Trees Should Die to Generate This Type of Report?
What Are Vulnerabilities?
Classes of Vulnerabilities
Elements of a Good Vulnerability Assessment
Project Scoping
General Scoping Practices
Developing the Project Overview Statement
Developing the Project Scope
Project Scope Document
Project Scope Change
Summary
Assessing Current Network Concerns
Network Vulnerability Assessment Timeline
Network Vulnerability Assessment Team (NVAT)
Threats to Computer Systems
Other Concerns
Additional Threats
Prioritizing Risks and Threats
Other Considerations
Checklists
Summary
Network Vulnerability Assessment Methodology
Methodology Purpose
Definitions
Justification
Philosophy
Top-Down Examination
Bottom-Up Examination
Network Vulnerability Assessment Methodology
The NVA Process (Step-by-Step)
Summary
Policy Review (Top-Down) Methodology
Definitions
Policy
Review Elements
Summary
Technical (Bottom-Up)
Step 1: Site Survey
Step 2: Develop a Test Plan
Step 3: Building the Toolkit
Step 4: Conduct the Assessment
Step 5: Analysis
Step 6: Documentation
Summary
Network Vulnerability Assessment Sample Report
Table of
Executive Summary
Body of the NVA Report
Summary
Summary
Appendixes
ISO17799 Self-Assessment Checklist
Windows NT Server 4.0 Checklist
Network Vulnerability Assessment Checklist
Pre-NVA Checklist
Sample NVA Report
NIST Special Publications
Glossary of Terms
Biography
Thomas R. Peltier (Thomas R. Peltier Associates, LLC, Wyandotte, Michigan, USA) (Author), Justin Peltier (Thomas R. Peltier Associates, LLC, Wyandotte, Michigan, USA) (Author), John A. Blackley (Peltier & Associates) (Author)
"Readers will find detailed definitions, thorough explanations, step-by-step procedures, and sample reports to guide them through a network vulnerability assessment (NVA). … [The book] is clear and easy to read, conveying the authors' outstanding grasp of the material. Despite the extremely detailed content, the presentation is not too technical or confusing. Numerous graphs, sample reports, and computer illustrations effectively support the text. … Of the many readers who would benefit from this work, security managers responsible for computer protection will learn how to conduct an NVA. IT professionals will benefit from the exposure to detailed security concepts and procedures. Finally, college instructors and students will find that the work serves as an excellent educational resource."
- Security Management, Sept. 2004