34 Managing Network Vulnerability Assessment
A survey of network protocols being used on the network and their current
uses
An investigation into WAN (Wide Area Network) connections; do you have
one?
An examination of data and information available over the WAN link
An inspection of the authentication process used to access network
resources
An analysis of the nature and sensitivity of the data residing on systems
connected to the main network backbone
An examination of dial-up points-of-entry into the network
A critique of policies in place to protect information from unauthorized
access, modification, disclosure, and destruction
An analysis of access granting authority and the process
A critique of the system administration responsibilities
Network Vulnerability Assessment Timeline
A typical NVA might take as long as 12 weeks, especially if you are attempting
to complete the task while maintaining your current responsibilities (see Exhibit
1). This process should result in an extensive report detailing points of weakness
found in the network with respect to data and resource vulnerabilities.
Recommendations made should address:
Policy and procedure modifications
Architecture and topology changes
Possible security hardware (firewalls, switches, physical separation of sub-
nets) and software (encryption, remote access controls, single sign-on,
authentication) implementation recommendations
Exhibit 1. Network Vulnerability Assessment Timeline
2 4 6 8 10 12
Visit
Phase
I
Phase
II
Phase
III
Phase
IV
Phase
V
Planning
Analysis
Draft Report
Final Report
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.