Managing a Network Vulnerability Assessment

  • 4h 16m
  • John A. Blackley, Justin Peltier, Thomas R. Peltier
  • CRC Press
  • 2003

The instant access that hackers have to the latest tools and techniques demands that companies become more aggressive in defending the security of their networks. Conducting a network vulnerability assessment, a self-induced hack attack, identifies the network components and faults in policies and procedures that expose a company to harm by malicious network intruders.

Managing a Network Vulnerability Assessment provides a formal framework for finding and eliminating network security threats, ensuring that no vulnerabilities are overlooked. This thorough overview focuses on the steps necessary to successfully manage an assessment, including the development of a scope statement, the understanding and proper use of assessment methodology, the creation of an expert assessment team, and the production of a valuable response report. The book also details what commercial, freeware, and shareware tools are available, how they work, and how to use them.

By following the procedures outlined in this guide, a company can pinpoint which individual parts of its network need to be hardened and avoid expensive and unnecessary purchases.

Managing a Network Vulnerability Assessment:

  • Identifies and prioritizes threats based upon incidents reported to CIAC and CERT
  • Critiques network security policies based upon ISO 17799 international standards
  • Reviews the requirements for establishing a quarantined site for the testing of freeware and shareware
  • Discusses how to delegate the security assessment of individual network components, such as routers, bridges, gateways, servers, and cabling
  • Examines the creation of effective vulnerability assessment reports, and details how they can be used by management to monitor the success of proposed security remedies

About the Authors

John A. Blackley, a native of Scotland, completed his bachelor’s degree in electrical engineering at Glasgow University in 1974. Since moving to the United States in 1982, his career has included 19 years of information security. John has published a number of articles in the business press and has been a speaker at conferences and seminars around the world. He teaches on subjects such as privacy management, policy creation and implementation, risk management, and information security awareness. In addition, John’s classes and seminars address organization and management issues relating to the practice of information security.

Justin Peltier, CISSP, MCNE, MCP, CCSE, RHCE, CCNA, is a Senior Security Consultant with Peltier & Associates, with more than eight years of expertise in planning, designing, and implementing technical security solutions in a wide range of operating environments. As a consultant, Justin has been involved in implementing, supporting, and developing security solutions, and has taught courses on many facets including vulnerability assessment and CISSP preparation. He has expert-level experience with projects related to Novell, NT, Sun Solaris, Linux, and Netscape systems, as well as with Ethernet, Token Ring, TCP/IP, and IPX/SPX topologies and protocols. Mr. Peltier’s CBK specialty domains include Telecommunications and Network Security; Cryptography; Access Control Systems and Methodologies; and Security Architecture and Models.

Tom Peltier is in his fifth decade of computer technology. During this time he has shared his experiences with fellow professionals, and because of his work, was given the 1993 Computer Security Institute’s (CSI) Lifetime Achievement Award. Over the past decade, Tom has averaged four published articles a year on various computer and information security issues, including developing policies and procedures, disaster recovery planning, copyright compliance, virus management, and security controls. He has had four books published: Policies, Standards, Guidelines and Procedures; Information Security Risk Analysis; Information System Security Policies and Procedures: A Practitioner’s Reference; and The Complete Manual of Policies and Procedures for Data Security. He is also the co-editor and contributing author for the CISSP Prep for Success Handbook, and a contributing author for the Computer Security Handbook, 3rd and 5th editions, and Data Security Management.

In this Book

  • Introduction
  • Project Scoping
  • Assessing Current Network Concerns
  • Network Vulnerability Assessment Methodology
  • Policy Review (Top-Down) Methodology
  • Technical (Bottom-Up) Methodology
  • Network Vulnerability Assessment Sample Report
  • Summary
