Step | Description |
---|---|
Gather information. | Consider the items that assessment tools don't do for you, such as public routing prefix announcements, ISP route filter policy, address block registrar configurations, domain registrations, web searching, name service exploration, search engines, and newsgroups. |
Map the theatre of war. | Determine the boundaries of your assessment, as is done in a war movie. Create physical and logical maps, and document packet filter and firewall discovery. |

For a complete vulnerability assessment checklist, also consult the one at the end of Chapter 15, which covers qualifying targets, attack profiling, actual attacks, and tips for defending your systems.