Chapter 15: Performing the Assessment, Part II

Overview

Chapter 13 provided the theory behind vulnerability assessments and how to conduct a thorough and accurate analysis. Chapter 14 then began providing actual examples and detailed information on information gathering and on the theatre of war, or "boundary," creation necessary to ensure all pertinent hosts and networks are included in the assessment. This chapter continues with the standards-based assessment details necessary to qualify targets and build attack profiles for pertinent hosts. The goals you should strive for during your attack, as well as how to defend your infrastructure by remedying vulnerabilities, will also be discussed.

Chapter 15 provides information on the last four elements of performing a successful vulnerability assessment:

  • Target Qualification: Steps to ascertain viable hosts for attack. This section includes port scanning and provides a comprehensive case on why port scanning is as much an art as it is a science. Data models are used to explain why port scanning is not entirely accurate.

  • Attack Profiling: Information to help determine attack vectors for each qualified system. We also cover what attack test scenarios should be performed against each of the systems and why human interpretation is so important.

  • Actual Attacks: Using vulnerability assessment (VA) tools to aid in the attack process. We also include an explanation of the validation process and prioritizing the vulnerabilities (and we will address false positives).

  • Defenses and Remediation Tools: Most of the defense mechanisms were explained in Chapter 13. However, some quick tips are included in this chapter from a technical perspective.



Extreme Exploits. Advanced Defenses Against Hardcore Hacks
Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)
ISBN: 0072259558
EAN: 2147483647
Year: 2005
Pages: 120
