1st Edition

Managing A Network Vulnerability Assessment

    306 Pages 66 B/W Illustrations
    by Auerbach Publications


    The instant access that hackers have to the latest tools and techniques demands that companies become more aggressive in defending their networks. Conducting a network vulnerability assessment, a self-induced hack attack, identifies the network components and the faults in policies and procedures that expose a company to the damage caused by malicious network intruders.

    Managing a Network Vulnerability Assessment provides a formal framework for finding and eliminating network security threats, ensuring that no vulnerabilities are overlooked. This thorough overview focuses on the steps necessary to successfully manage an assessment, including the development of a scope statement, the understanding and proper use of assessment methodology, the creation of an expert assessment team, and the production of a valuable response report. The book also details what commercial, freeware, and shareware tools are available, how they work, and how to use them.

    By following the procedures outlined in this guide, a company can pinpoint which parts of its network need to be hardened, and avoid expensive and unnecessary purchases.

    Information Security Lifecycle
    Network Vulnerability Assessment
    Do I Need to be a Technical Expert to Run an NVA?
    What Level of Skill Is Needed?
    Which Specific Skills Are Needed?
    Can One Person Run an NVA?
    Introduction to Vulnerability Assessment
    Goals of Vulnerability Assessment
    How Many Trees Should Die to Generate This Type of Report?
    What Are Vulnerabilities?
    Classes of Vulnerabilities
    Elements of a Good Vulnerability Assessment

    Project Scoping
    General Scoping Practices
    Developing the Project Overview Statement
    Developing the Project Scope
    Project Scope Document
    Project Scope Change

    Assessing Current Network Concerns
    Network Vulnerability Assessment Timeline
    Network Vulnerability Assessment Team (NVAT)
    Threats to Computer Systems
    Other Concerns
    Additional Threats
    Prioritizing Risks and Threats
    Other Considerations

    Network Vulnerability Assessment Methodology
    Methodology Purpose
    Top-Down Examination
    Bottom-Up Examination
    Network Vulnerability Assessment Methodology
    The NVA Process (Step-by-Step)

    Policy Review (Top-Down) Methodology

    Review Elements

    Technical (Bottom-Up)
    Step 1: Site Survey
    Step 2: Develop a Test Plan
    Step 3: Building the Toolkit
    Step 4: Conduct the Assessment
    Step 5: Analysis
    Step 6: Documentation

    Network Vulnerability Assessment Sample Report
    Table of Contents
    Executive Summary
    Body of the NVA Report


    ISO17799 Self-Assessment Checklist
    Windows NT Server 4.0 Checklist
    Network Vulnerability Assessment Checklist
    Pre-NVA Checklist
    Sample NVA Report
    NIST Special Publications
    Glossary of Terms


    Thomas R. Peltier (Thomas R. Peltier Associates, LLC, Wyandotte, Michigan, USA) (Author), Justin Peltier (Thomas R. Peltier Associates, LLC, Wyandotte, Michigan, USA) (Author), John A. Blackley (Peltier & Associates) (Author)

    "Readers will find detailed definitions, thorough explanations, step-by-step procedures, and sample reports to guide them through a network vulnerability assessment (NVA). … [The book] is clear and easy to read, conveying the authors' outstanding grasp of the material. Despite the extremely detailed content, the presentation is not too technical or confusing. Numerous graphs, sample reports, and computer illustrations effectively support the text. … Of the many readers who would benefit from this work, security managers responsible for computer protection will learn how to conduct an NVA. IT professionals will benefit from the exposure to detailed security concepts and procedures. Finally, college instructors and students will find that the work serves as an excellent educational resource."
    - Security Management, Sept. 2004
