Overview of the Book's Contents
We would like to introduce this book from a
view. The first two chapters, "Introduction to
Assessing Network Vulnerabilities" and "Foundations and Principles
of Security," serve as a foundation for later chapters. These
chapters introduce basic concepts of everything we will talk about
throughout the book. Chapter 3, "Why Risk Assessment," and Chapter
4, "Risk Assessment Methodologies," deal
with risk. We
examine risk terminology, quantitative risk assessment, qualitative
risk assessment, and how risk is
in real life.
Chapters 5 through 10 are designed to guide you
through the security assessment process. Chapter 5, "Scoping the
a discussion of the scoping phase. Topics such
as the forces driving the assessment are introduced. Chapter 6,
"Understanding the Attacker," discusses who the real threat is.
Both inside and outside attacks typically follow a given pattern.
These stages of attack are discussed, as are ways to reduce the
threat. If the assessment you are performing is being driven
because of an attack, you'll find this a particularly
Chapter 7, "Performing the Assessment,"
introduces the activities performed during the actual assessment.
This might be only a policy review or may involve
hands-on testing. If hands-on testing is required, you will need a
variety of tools, which are discussed in Chapter 8, "Tools Used for
Assessments and Evaluations." Chapter 9, "Preparing the Final
Report," introduces you to the
phase. Everything you
have done must be documented, and this chapter discusses ways to
write a successful report. Finally, Chapter 10, "Post-Assessment
Activities," describes what happens
activities typically involve change. So this chapter delves into
the topics of policy change, hardware implementation, and
We have also outfitted the book with five
appendixes. Here we provide security assessment resources, sample
forms, and information on how to deal with outside
should you feel the need to outsource part of this process.
Performing a security assessment is a challenging journey, and we
hope that our approach to guarding your IT infrastructure makes