
Managing A Network Vulnerability Assessment

1st Edition

By Thomas R. Peltier, Justin Peltier, John A. Blackley

Auerbach Publications

312 pages | 66 B/W Illus.

Paperback: 9780849312700
pub: 2003-05-28
Hardback: 9781138436886
pub: 2017-07-27



The instant access that hackers have to the latest tools and techniques demands that companies become more aggressive in defending the security of their networks. Conducting a network vulnerability assessment, a self-induced hack attack, identifies the network components and the faults in policies and procedures that expose a company to the damage caused by malicious network intruders.

Managing a Network Vulnerability Assessment provides a formal framework for finding and eliminating network security threats, ensuring that no vulnerabilities are overlooked. This thorough overview focuses on the steps necessary to successfully manage an assessment, including the development of a scope statement, the understanding and proper use of assessment methodology, the creation of an expert assessment team, and the production of a valuable response report. The book also details what commercial, freeware, and shareware tools are available, how they work, and how to use them.

By following the procedures outlined in this guide, a company can pinpoint which individual parts of its network need to be hardened and avoid expensive and unnecessary purchases.


"Readers will find detailed definitions, thorough explanations, step-by-step procedures, and sample reports to guide them through a network vulnerability assessment (NVA). … [The book] is clear and easy to read, conveying the authors' outstanding grasp of the material. Despite the extremely detailed content, the presentation is not too technical or confusing. Numerous graphs, sample reports, and computer illustrations effectively support the text. … Of the many readers who would benefit from this work, security managers responsible for computer protection will learn how to conduct an NVA. IT professionals will benefit from the exposure to detailed security concepts and procedures. Finally, college instructors and students will find that the work serves as an excellent educational resource."

- Security Management, Sept. 2004


Table of Contents


Information Security Lifecycle

Network Vulnerability Assessment

Do I Need to be a Technical Expert to Run an NVA?

What Level of Skill Is Needed?

Which Specific Skills Are Needed?

Can One Person Run an NVA?

Introduction to Vulnerability Assessment

Goals of Vulnerability Assessment

How Many Trees Should Die to Generate This Type of Report?

What Are Vulnerabilities?

Classes of Vulnerabilities

Elements of a Good Vulnerability Assessment

Project Scoping

General Scoping Practices

Developing the Project Overview Statement

Developing the Project Scope

Project Scope Document

Project Scope Change


Assessing Current Network Concerns

Network Vulnerability Assessment Timeline

Network Vulnerability Assessment Team (NVAT)

Threats to Computer Systems

Other Concerns

Additional Threats

Prioritizing Risks and Threats

Other Considerations



Network Vulnerability Assessment Methodology

Methodology Purpose




Top-Down Examination

Bottom-Up Examination

Network Vulnerability Assessment Methodology

The NVA Process (Step-by-Step)


Policy Review (Top-Down) Methodology



Review Elements


Technical (Bottom-Up)

Step 1: Site Survey

Step 2: Develop a Test Plan

Step 3: Building the Toolkit

Step 4: Conduct the Assessment

Step 5: Analysis

Step 6: Documentation


Network Vulnerability Assessment Sample Report

Table of

Executive Summary

Body of the NVA Report




ISO17799 Self-Assessment Checklist

Windows NT Server 4.0 Checklist

Network Vulnerability Assessment Checklist

Pre-NVA Checklist

Sample NVA Report

NIST Special Publications

Glossary of Terms

Subject Categories

BISAC Subject Codes/Headings:
BUSINESS & ECONOMICS / Production & Operations Management
COMPUTERS / Information Technology
COMPUTERS / Security / General