Sample NVA Report 263
CLIENT Network Diagram
Following is a diagram of the CLIENT network. [Diagram removed to sanitize
this document]
<Name> provided the previous diagram to Your Company as a hand
drawing on a whiteboard in the Your Company Workspace at CLIENT. Your
Company then transcribed the drawing to its present format. The Visio file of
this drawing is located on the Supplemental CD; the file is <CD>\Additional
Data\CLIENT.vsd.
Appendix C-4: Supplementary Information
This appendix contains any supplementary information that does not have a
specific category elsewhere within the report. All of the information referenced
in this appendix can be found on the Supplemental CD that accompanies this
report.
Supplemental CD Readme File
Exhibit C-4.1 lists the text of the readme file from the Supplemental CD
provided with this report.
Exhibit C-3.1 Information Security Concept Flow
[Figure: four labeled stages. NVA: to assess safeguards and check for new business risks. FRAP: to identify business risks. Implementation: to install cost-effective safeguards. BCAP: to determine cost-effective controls.]
264 Managing Network Vulnerability Assessment
Exhibit C-4.1 Supplemental CD Readme File
Your Company Vulnerability Assessment
Final Report Supplemental CD for
CLIENT
© Copyright 2002, Your Company
Your Company confidential
Version 1.3 XXX XX, XXXX
This CD is governed by PSA XXXX dated XXX XX, XXXX
This CD is governed by and produced under EA XXXXX-X-XX/XX
Dated XXX XX, XXXX
This CD contains information that is supplemental to the VULNERABILITY
ASSESSMENT Final Report referenced above.
All reports are available in HTML, Text, or Microsoft Word 97 format.
Contents of this CD are as follows:
readme.txt — This readme document
VULNERABILITY ASSESSMENT Supplemental Reports TOC.xls
— A Microsoft Excel 97 spreadsheet listing the name and
characteristics of all ISS, NetRecon, and ESM reports on the
Supplemental CD.
index.html — HTML file containing links to the ISS, NetRecon, and ESM
reports on the Supplemental CD.
Additional Data — Contains data from the Zero-Information-Based Scan, password
crackers, and other miscellaneous tools and tests designed to
verify what PA found in other tests.
Data Files — Contains the original ISS Scanner 6, Axent NetRecon, and Axent
ESM Data Files.
ESM Reports — Contains the reports produced by ESM as a part of the
configuration audit.
ISS Reports — Contains the reports produced by ISS as a part of the directed
vulnerability scans. ISS performs tests that attempt to directly
test for vulnerabilities.
NetRecon Reports — Contains the reports produced by NetRecon as a part of the
inferred vulnerability scans. NetRecon collects basic
information and then uses a database of known vulnerabilities
as its test procedure.
NetProwler Data — Contains the data and capture files from NetProwler used to
look for data leakage that the scanners may not have detected.
PhoneTag Data — Includes the PhoneTag captured files and the Dial-List used for
the War Dialing test.
VULNERABILITY ASSESSMENT Final Report
— Contains a copy of the VULNERABILITY ASSESSMENT Executive
Summary and the VULNERABILITY ASSESSMENT Final Report.
Both documents are in Microsoft Word 97 and HTML format.
= = = END OF FILE = = =