Network Security Testing Overview

Network security is an ongoing process that is best described by the Cisco security wheel. The security wheel, as shown in Figure 7-1, consists of the following four items:

• Secure

• Monitor

• Test

• Improve

The third item, Test, or network security testing, helps the Netadmin to verify the security design and to discover vulnerabilities within the network.

The process of testing network security is also known as any of the following:

• Security audit

• Penetration testing

• Posture assessment

• Ethical hacking

• Vulnerability assessment

All these terms essentially mean the same thing a legitimate process of attacking, discovering, and reporting security holes in a network. A security-testing process uses tools and methods that are similar to those of the underground hacking community.

The tools used for security auditing can be loosely classified into the following two categories:

• Scanners Active tools that send out probe packets to the target host or network to attack or gather information.

• Packet analyzers Passive in their operation because they do not send probe packets. Instead, packet analyzers work by capturing and analyzing the data that is flowing across the network.

Note

Active Versus Passive Active tools work by sending out probe packets to the target and then analyzing the response received from the target. In contrast, passive tools work by analyzing the traffic flowing across the wire. As an analogy, active tools are like police interrogators, while passive packet analyzers are like surveillance police officers.

This chapter discusses some of the popular network security scanners and packet analyzers that Netadmins can use. These tools are widely available as ready-to-use packages in the form of Linux-based bootable CD-ROMs. The following section covers some of these bootable CD-ROM based tool kits that Cisco Netadmins can use.