viii Managing Network Vulnerability Assessment
4 Network Vulnerability Assessment Methodology................... 47
Methodology Purpose .....................................................................................47
Definitions ........................................................................................................48
Justification.......................................................................................................48
Philosophy........................................................................................................49
Top-Down Examination ..................................................................................49
Bottom-Up Examination..................................................................................50
Network Vulnerability Assessment Methodology..........................................51
The NVA Process, Step-by-Step......................................................................58
Summary...........................................................................................................79
5 Policy Review (Top-Down) Methodology ................................ 81
Definitions ........................................................................................................81
Policy Contents ................................................................................................82
Contents............................................................................................................83
Review Elements..............................................................................................84
Summary...........................................................................................................87
6 Technical (Bottom-Up) .............................................................. 89
Step 1: Site Survey ..........................................................................................90
Step 2: Develop a Test Plan...........................................................................93
Step 3: Building the Toolkit .........................................................................107
Step 4: Conduct the Assessment ..................................................................153
Step 5: Analysis .............................................................................................156
Step 6: Documentation .................................................................................157
Summary.........................................................................................................157
7 Network Vulnerability Assessment Sample Report.............. 159
Table of Contents ..........................................................................................159
Executive Summary .......................................................................................159
Body of the NVA Report...............................................................................160
Summary.........................................................................................................161
8 Summary................................................................................... 185
APPENDICES
Appendix A-1: ISO 17799 Self-Assessment Checklist ................... 187
Appendix A-2: Windows NT Server 4.0 Checklist......................... 205
Appendix A-3: Network Vulnerability Assessment Checklist...... 209
Appendix B: Pre-NVA Checklist ...................................................... 215
Appendix C: Sample NVA Report ................................................... 223
Appendix D: NIST Special Publications ......................................... 267
Appendix E: Glossary of Terms...................................................... 271
Index ................................................................................................. 281