Throughout this book, we have discussed various methods of incorporating security into the network. You have learned how to apply recommended security concepts to perimeter components such as routers, firewalls, VPNs, and host systems. This chapter changes your focus from a defensive approach to an offensive one, as we examine how to assess your environment for possible security holes. A terrific network security design is worthless if it is not faithfully implemented. Unfortunately, many organizations do not test their networks to verify how well they have achieved their security goals.

This chapter is designed to show you how to plan an assessment to determine whether your security perimeter is operating according to your expectations. Many of the techniques we will discuss are similar to techniques in common use by network attackers. This includes information-gathering techniques that attackers use to fingerprint and enumerate your network, vulnerability-discovery efforts to determine potential holes in your network, and exploitation techniques that may demonstrate insecurities in your security perimeter. Going through the process of assessing the effectiveness of your security infrastructure helps improve the resiliency of your security perimeter and allows you to locate weaknesses before attackers can exploit them.