xii Managing Network Vulnerability Assessment
Justin Peltier, CISSP, MCNE, MCP, CCSE, RHCE, CCNA, is a Senior Security
Consultant with Peltier & Associates, with more than eight years of experience
in planning, designing, and implementing technical security solutions in a
wide range of operating environments. As a consultant, Justin has been
involved in implementing, supporting, and developing security solutions, and
has taught courses on many facets including vulnerability assessment and
CISSP preparation. Formerly with Suntel Services, Justin directed the security
practice development. Prior to that, he was with Netigy where he was involved
with the corporate training effort, serving as the company’s primary technical
instructor in the areas of vulnerability assessment, risk analysis, virtual private
networking, policies and procedures, and penetration testing. Mr. Peltier has
lead classes for MIS, Netigy, Computer Security Institute, Suntel Services, and
Sherwood Associates. He has expert-level experience with projects related to
Novell, NT, Sun Solaris, Linux, and Netscape systems, as well as with Ethernet,
Token Ring, TCP/IP, and IPX/SPX topologies and protocols. Mr. Peltier’s CBK
specialty domains include Telecommunications and Network Security; Cryp-
tography; Access Control Systems and Methodologies; and Security Architecture
and Models.
Tom Peltier is in his fifth decade of computer technology. During this time
he has shared his experiences with fellow professionals and, because of his
work, was given the 1993 Computer Security Institute’s (CSI) Lifetime Achieve-
ment Award. In 1999, the Information Systems Security Association (ISSA)
bestowed its Individual Contribution to the Profession Award and in 2001 he
was inducted into the ISSA Hall of Fame. Tom was also awarded the CSI
Lifetime Emeritus Membership Award. He began his career five decades ago
as an operator, moving on to become an applications programmer and systems
programmer, systems analyst, and information systems security officer. Cur-
rently, he is the president of Peltier & Associates, an information security
training firm. Prior to this he was Director of Policies and Administration for
Netigy’s Global Security Practice. Tom was the National Director for Consulting
Services for CyberSafe Corporation, and the Corporate Information Protection
Coordinator for Detroit Edison. This program has been recognized for excel-
lence in the field of computer and information security by winning the
Computer Security Institute’s Information Security Program of the Year for
1996. Tom previously was the Information Security Specialist for General
Motors Corporation, responsible for implementing an information security
program for GM’s worldwide activities.
Over the past decade, Tom has averaged four published articles a year on
various computer and information security issues, including developing poli-
cies and procedures, disaster recovery planning, copyright compliance, virus
management, and security controls. He has had four books published: Policies,
Standards, Guidelines and Procedures: Information Security Risk Analysis;
Information System Security Policies and Procedures: A Practitioners’ Refer-
ence; The Complete Manual of Policies and Procedures for Data Security and