Our Assessment Methodology

Chapter 13 provided a methodology to follow when conducting vulnerability assessments. With this winning methodology, we used Chapter 14 and this chapter to take you through an actual assessment demonstrating various practices, methodologies, and tools. Chapter 14 covered the public information-gathering techniques and this chapter focused on target qualification, attack profiling, attacking, and defending your network. You will notice we slowly diminished our discussions on our simulated Acme assessment as the assessment became more in-depth (at first limiting the scope to a single host and eventually not discussing Acme examples at all). This is because of the amount of data involved. As you move along with your own assessments, you will find there is a tremendous amount of data to keep tabs on. Use your tools and document your findings through reports and topology (both physical and logical) maps.

Hundreds if not thousands of tools are available for conducting vulnerability assessments. One tool may work well in one environment and perform poorly in the next . The tools discussed here are generally good tools to use in any organization. Additionally, the tools discussed in this chapter can provide a baseline for comparing against other tools. The important thing to remember is to use the right tool for the job. Just like your woodshop teacher told you in school, "Don't use a chainsaw to build fine furniture." You need to find the tool that works best in your environment whether you are conducting information gathering, port scanning, or host analysis checking for vulnerabilities.



Extreme Exploits. Advanced Defenses Against Hardcore Hacks
Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)
ISBN: 0072259558
EAN: 2147483647
Year: 2005
Pages: 120

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net