Results Analysis and Documentation
In the last step of your assessment, you will create a final report. You will have collected a large amount of information during your test, and now is the time to analyze it to determine the overall level of security for your network and what changes are necessary to make it completely secure.
Developing your findings can be the hardest part of producing your report. You will need to look at the results of every test you performed to see what they can tell you about the security of your network. Any tests that
Once you've developed your individual findings, you will then want to examine the whole set to see if you can locate any common elements to them. You are looking for the root causes of problems, not the individual facts. For instance, if you
When you are ready to write your report, you will want to examine what formats will best
Keep in mind that even though it comes first in the report, the executive summary should be written after the rest of the report is finished. Doing it any other way may cause you to unintentionally skew your results to keep them consistent with the executive summary you created prior to analyzing all the data.
In this chapter, we examined techniques for assessing the effectiveness of your security perimeter. You are now armed with the tools and techniques used to perform a security assessment of your environment. You can use this knowledge to find security holes in your defense perimeter and to locate vulnerable or misconfigured systems that are accessible from the Internet. You should also be prepared to test your remote access devices to keep these back channels from allowing
If you take nothing else away from this chapter, remember that security assessment requires permission! The difference between a hacker and a security professional, between illegal and legal, is authorization. Make sure you have written approval from the proper authorities before starting any type of security assessment. In addition, make sure this authorization spells out exactly what your scope is so that it is clear to everyone involved what you are and are not allowed to do. This will keep you and your organization safe as you verify the effectiveness of your security perimeter.