Defining and deciding upon a formal scope is one of the most important factors of a vulnerability assessment. While there may be a lot of information and guidelines available on using various vulnerability assessment tools and techniques, the preparation phase of vulnerability assessment is quite often overlooked. Ignoring properly complete pre-engagement activities may lead to potential problems, such as the following:
- Scope creep
- Customer dissatisfaction
- Legal trouble
The scope of a project is intended to precisely define what is to be tested.
Theoretically, it may seem best to test each and every asset present in the network; however, it may not be practically possible. A detailed discussion with all the business units could help you gather a list of critical assets. These assets could then be included in the scope of the vulnerability assessment. Some of the common assets included in the vulnerability assessment scope are as follows:
- Communication lines
- E-commerce platforms
- Any internet-facing websites
- Special-purpose devices (modems, radios, and so on)
- Applications and application APIs
- Email gateways
- Remote access platforms
- Mail servers
- DNS
- Firewalls
- FTP servers
- Database servers
- Web servers
While the preceding list of assets looks quite obvious in regards to candidates to be included in the vulnerability assessment scope, there might be a few other assets that are often ignored but could open up an entry point for the attacker. Such assets include the following:
- Printers
- Wireless access points
- Shared drives
- IP cameras
- Smart TVs
- Biometric access control systems
A detailed outline of the scope will help the vulnerability assessment team plan resources and a time schedule.