Step 5: Analysis

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

156 Managing Network Vulnerability Assessment

 Attack signature “snifﬁng”:

– Symantec NetProwler

– ISS RealSecure — network

– Symantec Intruder Alert (ITA) — host/server

The only type of testing not listed above is quality assurance testing. This

is a very important step in the process. As we discussed previously, by using

a multi-test environment (MTE), we will help to minimize both false positives

and false negative reports. While all the software we looked at in the tools

section is great software, there are just too many network conditions that can

interfere with accurate testing. So always double-check the tests that you run

and keep records of that tests that you run as you run them. There will be

more discussion on this in the section on documentation.

The following is a brief checklist of items to watch out for while performing

local or host testing:

 Device conﬁguration: Does it support corporate policies?

 Local exploits: Signs of intrusion?

 Uneven administration: Do some systems stand out as easy targets?

 Named after products: for example, Exchange, Catalyst, or ColdFusion

 System is not named according to the corporate naming convention

 System is named after the user who works on it

 Logging: Is logging enabled and read?

The following is a brief checklist of items to watch out for while performing

network or remote testing:

 Snifﬁng for attack signatures to see if security devices are passing packets

that should be stopped

 Look for less secure entry points to the network (backdoors), such as:

– WAN connections

– Rogue connections

– Corporate VPNs to other networks

 Access Controls: are they adequate, and are they enforced?

 Social engineering: using nontechnical means to get access to systems, but

that is another book entirely

 Quality assurance: always double-check

Step 5: Analysis

This leads us to Step 5 of the six-step model. In this layer of the model, there

is not too much that you can learn about in books. The best way to get better

Exhibit 60. Testing Chart

Type of Test Active Passive

Host Any host scanner TCP dump or RMON listening

Network Any vulnerability scanner tool Network snifﬁng

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Step 5: Analysis

Create new playlist

Sign In

Sign Up

Table of Contents for
Step 5: Analysis