Chapter 14: Performing the Assessment, Part I

Previous page
Table of content
Next page

Overview

In Chapter 13 we explored ways of building a winning methodology for vulnerability assessments. The chapter explained how to build a standards-based assessment tailored to your organization. Theories on how to gather the necessary information, map your theatre of war, qualify targets, and build attack profiles were all discussed. The goals of your attack as well as how to defend (remedying vulnerabilities) your infrastructure were also discussed. Once you're familiar with the theories behind successful vulnerability assessment plans, the next logical step is to venture into the technical details outlining each of the phases of the assessment. Entire books are written on this very topic. However, by understanding the theory behind vulnerability assessments, the following chapters can be dedicated to ensuring you understand how to conduct assessments. This chapter takes you through an assessment's information gathering and boundary creation (the theatre of war), while Chapter 15 continues the assessment with target qualification, attack profiling, attacking, and defending your network post-assessment . The intent of these two chapters is to take you through a professional assessment "soup to nuts" and provide realistic examples of what may be found while you conduct assessments for your organization.

Chapter 14 provides information on the first two elements of performing a successful vulnerability assessment:

  • Information Gathering Guidelines on what to solicit to get started (aside from approval) and what you should look for during your initial information gathering.

  • Mapping the Theatre of War Determining where to mark boundaries for your assessment to ensure it includes all aspects of your organization's public infrastructure. Steps to begin mapping the infrastructure and determining those boundaries are included.

Chapter 15 will go on to cover qualifying targets, attack profiling, actual attacks, and some tips for defending your systems.

For the purpose of providing examples, we will conduct a mock vulnerability assessment on infrastructure belonging to Acme, Inc. (yes, this is imaginary and is used for demonstration purposes). Simulations will be made throughout the chapter to provide examples necessary to ensure reader understanding. Keep in mind, many of the results were taken from actual testing and analysis. However, where necessary, modifications to results found were made for the purpose of demonstrating points within the chapters.


Previous page
Table of content
Next page
Extreme Exploits. Advanced Defenses Against Hardcore Hacks
Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)
ISBN: 0072259558
EAN: 2147483647
Year: 2005
Pages: 120
Authors: Victor Oppleman, Oliver Friedrichs, Brett Watson
BUY ON AMAZON
Strategies for Information Technology Governance
High-Speed Signal Propagation[c] Advanced Black Magic
PostgreSQL(c) The comprehensive guide to building, programming, and administering PostgreSQL databases
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
Wireless Hacks: Tips & Tools for Building, Extending, and Securing Your Network
.NET-A Complete Development Cycle
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy