Introduction 9
There are additional types of soft vulnerabilities, including:
A lack of general security policies
General security policies go against industry best practices
A lack of security system procedures
A lack of configuration or change management
Logging not enabled
Log files ignored or deleted frequently
Elements of a Good Vulnerability Assessment
To perform a good network vulnerability assessment, you should incorporate
at least four elements:
1. Comprehensive
2. Experience
3. Results must be reproducible
4. Multi-Test Environment (MTE)
Comprehensiveness
The comprehensiveness of a network vulnerability assessment is generally
set by the scope statement, which we will discuss later. In addition, the
comprehensiveness of your network vulnerability assessment will be affected
by two major factors. The first is the amount of time you can dedicate to the
network vulnerability assessment; the second is the amount of capital
resources you can devote to the network vulnerability assessment itself. In a
very complete network vulnerability assessment, it may become necessary to
acquire a large number of tools and some relatively current hardware. The
hardware is not the largest expense by far — it is the software that’s going to
consume most of your capital resources. It is not uncommon for a vulnerability
assessment toolkit to have over 40 tools, and this, of course, is dependent on
the areas of the network you will be testing, the type of network to be tested,
and the makeup of the target network. We will discuss this more in the
methodology section.
Experience
There is no substitute for experience. While reading this book, attending
training classes, and practicing with the tools will give you a “leg up”
towards actually running a good network vulnerability assessment, the only
way to get better at doing vulnerability assessments is to do vulnerability
assessments. The best way to gain this kind of experience is to practice on
your own. One of the ways is to set up a target network on your own internal
LAN. You can also run tests against Internet-available resources that you have
permission to test. However, you must resist the urge to test systems on the
Internet you do not have permission to test. If you have any friends that are
network administrators for smaller companies, they may be able to get you
permission from their senior management to test their network. Resisting the
urge to test systems without permission is a good way to avoid career-limiting
moves and to also avoid getting phone calls and appearances by your local
law enforcement.
The hardware requirements for conducting a network vulnerability assessment
are not all that severe. As of this writing, we are currently using two
laptops with 600 MHz processors and 288 MB of RAM in each. These are far
from state-of-the-art machines, but they are still sufficiently powerful to do
most all of what you would like to do. The reason we have two separate
machines is to monitor for data leakage. Data leakage is a vulnerability that
affected a number of manufacturers a few years ago. Some time ago, most
of these affected companies released patches to repair the data leakage
vulnerabilities. However, many people have not applied these patches because
some of the manufacturers required a paid subscription service to receive
these updates. So, it still remains a good idea to continue to test for these
vulnerabilities.
The way we test for these vulnerabilities is to deploy a laptop with an
intelligent network sniffer and place it behind the corporate firewall or router.
The other laptop will be in your vulnerability assessment toolkit, performing
scans over the Internet, directed at the network behind the firewall or router.
Certain types of firewalls and routers may be susceptible to data leakage. The
vulnerability uses small, fragmented packets and directs them towards the
inside network. For the sake of efficiency, the firewall or router may pass
these packets on before they are reassembled and checked. If these devices
have been sufficiently patched, none of the attack information should be
bleeding through. However, if you are seeing attacks that make it through
the perimeter security devices, the vulnerability still exists. If fragmentation
attacks make it through the router and the firewall, you will see some of them
in the packet captures on the laptop running the intelligent network sniffer.
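The check described above comes down to one question about the inside laptop's capture: did any IP fragments that originated outside the perimeter reach the inside network? The following script is an added example, not code from the book or its authors. It parses raw IPv4 headers, flags packets whose More Fragments bit is set or whose fragment offset is non-zero, and reports those whose source lies outside an assumed internal range (10.0.0.0/8 is a placeholder). The "capture" is a handful of constructed packets built in the script itself; on a real engagement you would feed it the raw IP-layer bytes exported from your sniffer.

```python
import ipaddress
import struct
from typing import Dict, List, Tuple

# Assumed address range of the network behind the firewall (placeholder value).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

IPV4_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, network byte order
MF_FLAG = 0x2000            # "More Fragments" bit in the flags/fragment-offset word
OFFSET_MASK = 0x1FFF        # 13-bit fragment offset, in 8-byte units


def parse_ipv4_header(pkt: bytes) -> Tuple[str, str, int, bool, int]:
    """Return (src, dst, protocol, more_fragments, fragment_offset_bytes)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (version_ihl, _tos, _total_len, _ident, flags_frag,
     _ttl, proto, _cksum, src, dst) = struct.unpack(IPV4_HDR, pkt[:20])
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    more_fragments = bool(flags_frag & MF_FLAG)
    offset_bytes = (flags_frag & OFFSET_MASK) * 8
    return (str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)),
            proto, more_fragments, offset_bytes)


def is_fragment(more_fragments: bool, offset_bytes: int) -> bool:
    """A packet is a fragment if MF is set (not last piece) or offset > 0 (not first piece)."""
    return more_fragments or offset_bytes > 0


def find_leaked_fragments(packets: List[bytes],
                          internal_net=INTERNAL_NET) -> List[Dict]:
    """Report fragments seen on the inside interface that came from outside the perimeter."""
    findings = []
    for index, pkt in enumerate(packets):
        src, dst, proto, mf, offset = parse_ipv4_header(pkt)
        if not is_fragment(mf, offset):
            continue
        # Fragments between internal hosts are normal; only external-origin ones
        # indicate the firewall/router forwarded pieces it never reassembled.
        if ipaddress.ip_address(src) in internal_net:
            continue
        if ipaddress.ip_address(dst) not in internal_net:
            continue
        findings.append({"index": index, "src": src, "dst": dst, "proto": proto,
                         "more_fragments": mf, "offset": offset})
    return findings


def build_ipv4(src: str, dst: str, proto: int = 6, mf: bool = False,
               offset_bytes: int = 0, ident: int = 0x1234, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 packet for the constructed sample capture (checksum left zero)."""
    flags_frag = (MF_FLAG if mf else 0) | ((offset_bytes // 8) & OFFSET_MASK)
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), ident, flags_frag,
                         64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


# Constructed sample capture, as it might look on the sniffer laptop behind the firewall.
SAMPLE_CAPTURE = [
    build_ipv4("10.1.2.3", "10.1.2.10"),                                  # ordinary internal packet
    build_ipv4("203.0.113.7", "10.1.2.10", mf=True, payload=b"\x00" * 8),  # first fragment from outside
    build_ipv4("203.0.113.7", "10.1.2.10", offset_bytes=8),               # trailing fragment from outside
    build_ipv4("10.1.2.3", "10.1.2.10", mf=True, payload=b"\x00" * 8),     # internal fragment, expected
]

if __name__ == "__main__":
    for finding in find_leaked_fragments(SAMPLE_CAPTURE):
        print("external fragment reached inside network:", finding)
```

Any hit from this script means the perimeter device forwarded a fragment before reassembling and inspecting it, which is exactly the leakage condition the two-laptop setup is meant to expose. An empty result for a scan you know sent fragments is the evidence that the device is reassembling (or dropping) as patched.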
In terms of the operating systems that are running, the scanning laptop
should dual boot between Windows NT and Red Hat Linux. The reason we
use the two operating systems is to allow for the greatest access to the tools
and latest vulnerability checks we can get. New tools or scripts tend to come
out first on the Linux operating system because the open source nature of
Linux allows people to write custom scripts much more quickly than for the
Windows NT environment. However, we rarely go with a completely Linux
vulnerability assessment because most of the paid products are built around
the Windows NT platform. This provides support in case you ever run into
a tool that is consistently crashing a laptop. With the paid products, there is
a 1-800 number to call for support. Most scripts will have been ported over
from the Linux operating system to Windows NT. You can make a very decent
vulnerability assessment using just one of the two operating systems mentioned
here. And, in fact, a large number of companies choose to do just that. This
is primarily done so they do not need the expertise on both operating systems.
However, for your needs, the two operating systems may be beneficial; this
also depends on your requirements for the specific vulnerability assessment.