Contents
Acknowledgments.......................................................................ix
About the Authors ......................................................................xi
1 Introduction ................................................................................. 1
Information Security Life Cycle ........................................................................1
Network Vulnerability Assessment (NVA) .......................................................2
Do I Need to Be a Technical Expert to Run an NVA? ..................................3
What Skill Level Is Needed? .............................................................................3
What Specific Skills Are Needed? ....................................................................3
Can One Person Perform an NVA? ..................................................................4
Introduction to Vulnerability Assessment ........................................................4
Goals of Vulnerability Assessment ...................................................................4
How Many Trees Should Die to Generate This Type of Report?.................6
What Are Vulnerabilities? ..................................................................................6
Classes of Vulnerabilities ..................................................................................7
Elements of a Good Vulnerability Assessment ...............................................9
Summary...........................................................................................................11
2 Project Scoping .......................................................................... 13
General Scoping Practices ..............................................................................14
Developing the Project Overview Statement ................................................16
Developing the Project Scope........................................................................19
Project Scope Document.................................................................................27
Project Scope Change .....................................................................................29
Summary...........................................................................................................31
3 Assessing Current Network Concerns ..................................... 33
Network Vulnerability Assessment Timeline .................................................34
Network Vulnerability Assessment Team (NVAT).........................................35
Threats to Computer Systems.........................................................................35
Other Concerns................................................................................................37
Additional Threats ...........................................................................................40
Prioritizing Risks and Threats.........................................................................42
Other Considerations.......................................................................................43
Checklists..........................................................................................................44
Summary...........................................................................................................45
Managing Network Vulnerability Assessment
4 Network Vulnerability Assessment Methodology................... 47
Methodology Purpose .....................................................................................47
Definitions ........................................................................................................48
Justification.......................................................................................................48
Philosophy........................................................................................................49
Top-Down Examination ..................................................................................49
Bottom-Up Examination..................................................................................50
Network Vulnerability Assessment Methodology..........................................51
The NVA Process, Step-by-Step......................................................................58
Summary...........................................................................................................79
5 Policy Review (Top-Down) Methodology ................................ 81
Definitions ........................................................................................................81
Policy Contents ................................................................................................82
Contents............................................................................................................83
Review Elements..............................................................................................84
Summary...........................................................................................................87
6 Technical (Bottom-Up) .............................................................. 89
Step 1: Site Survey ..........................................................................................90
Step 2: Develop a Test Plan...........................................................................93
Step 3: Building the Toolkit .........................................................................107
Step 4: Conduct the Assessment ..................................................................153
Step 5: Analysis .............................................................................................156
Step 6: Documentation .................................................................................157
Summary.........................................................................................................157
7 Network Vulnerability Assessment Sample Report.............. 159
Table of Contents ..........................................................................................159
Executive Summary .......................................................................................159
Body of the NVA Report...............................................................................160
Summary.........................................................................................................161
8 Summary................................................................................... 185
APPENDICES
Appendix A-1: ISO 17799 Self-Assessment Checklist ................... 187
Appendix A-2: Windows NT Server 4.0 Checklist......................... 205
Appendix A-3: Network Vulnerability Assessment Checklist...... 209
Appendix B: Pre-NVA Checklist ...................................................... 215
Appendix C: Sample NVA Report ................................................... 223
Appendix D: NIST Special Publications ......................................... 267
Appendix E: Glossary of Terms...................................................... 271
Index ................................................................................................. 281