Index 291
-enabled application(s)
testing of, 146
vulnerabilities in, 6
exploit tools, 155
security tools, 108, 138
server(s)
development, 247
tools, 142
vulnerabilities in, 143
site(s)
Astalavista, 95
attrition.org, 97
embarrassing information on, 110
Fu**Edcompany.Com, 111
NIST, 84
Pelttech, 100
Sam Spade raw, 121
SEC.gov, 111
security, 101–104
SecurityFocus, 97–98
2600, 99
USSR Back, 96
Webtrends Security Analyzer, 155
WEPCrack, 151
Whistle-blowers, 64
Whois, Sam Spade, 116
Wide area network (WAN), 34, 92
WinCrash, 151
Windows
-authenticated networks, security of,
144
enterprise-scale vulnerability assessment
product for, 149
NT, 10
Server 4.0 checklist, 205–207
system, security of, 149
UDP Port Scanner (WUPS), 130, 131
Wireless networking
standards, 151
testing tools, 109
Wireless sniffing, 155
Wireless testing, 155
Wireless tools, 139, 151
Work Breakdown Structure, 15
Worm
Code Red, 37
Nimda, 37
WUPS, see Windows UDP Port Scanner
Z
Zero-information-based (ZIB)
attack, 251
tools, 93, 108, 109, 121
ZIB, see Zero-information-based
Zone transfer, 116
Sam Spade failed, 117
successful, 117
AU1270cover 4/29/03 11:09 AM Page 1
Composite
C M Y CM MY CY CMY K
The instant access that hackers have to the latest
tools and techniques demands that companies
become more aggressive in defending the security
of their networks. Conducting a network
vulnerability assessment, a self-induced hack
attack, identifies the network components and
faults in policies and procedures that expose a
company to harm by malicious network intruders.
Managing a Network Vulnerability Assessment
provides a formal framework for finding and
eliminating network security threats, ensuring that
no vulnerabilities are overlooked. This thorough
overview focuses on the steps necessary to
successfully manage an assessment, including
the development of a scope statement, the understanding and proper use of assessment methodology,
the creation of an expert assessment team, and the production of a valuable response report. The
book also details what commercial, freeware, and shareware tools are available, how they work, and
how to use them.
By following the procedures outlined in this guide, a company can pinpoint what individual parts of
their network need to be hardened and avoid expensive and unnecessary purchases.
Managing a Network Vulnerability Assessment:
• Identifies and prioritizes threats based upon incidents reported to CIAC and CERT
• Critiques network security policies based upon ISO 17799 international standards
• Reviews the requirements for establishing a quarantined site for the testing of
freeware and shareware
• Discusses how to delegate the security assessment of individual network components,
such as routers, bridges, gateways, servers, and cabling
• Examines the creation of effective vulnerability assessment reports, and details how they
can be used by management to monitor the success of proposed security remedies
AU1270
AUERBACH PUBLICATIONS
www.auerbach-publications.com
PELTIER
PELTIER
BLACKLEY
Managing a Network Vulnerability Assessment
COMPUTER SECURITY
Managing a Network
Vulnerability Assessment
THOMAS R. PELTIER, JUSTIN PELTIER,
and JOHN A. BLACKLEY
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.