
systems from the outside. Being external to your company provides you with the cracker's viewpoint. You
see what a cracker sees: publicly-routable IP addresses, systems on your DMZ, external interfaces of
your firewall, and more. DMZ stands for "demilitarized zone", which corresponds to a computer or small
subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an
untrusted external network, such as the public Internet. Typically, the DMZ contains devices accessible
to Internet traffic, such as Web (HTTP) servers, FTP servers, SMTP (e-mail) servers and DNS servers.
When you perform an inside looking around vulnerability assessment, you are somewhat at an
advantage since you are internal and your status is elevated to trusted. This is the viewpoint you and
your co-workers have once logged on to your systems. You see print servers, file servers, databases,
and other resources.
There are striking distinctions between these two types of vulnerability assessments. Being internal to
your company gives you elevated privileges, more so than any outsider. Still today in most
organizations, security is configured in such a manner as to keep intruders out. Very little is done to
secure the internals of the organization (such as departmental firewalls, user-level access controls,
authentication procedures for internal resources, and more). Typically, there are many more resources
when looking around inside as most systems are internal to a company. Once you set yourself outside
of the company, you immediately are given an untrusted status. The systems and resources available to
you externally are usually very limited.
Consider the difference between vulnerability assessments and penetration tests. Think of a
vulnerability assessment as the first step to a penetration test. The information gleaned from the
assessment is used for testing. Whereas the assessment checks for holes and potential
vulnerabilities, the penetration test actually attempts to exploit the findings.
Assessing network infrastructure is a dynamic process. Security, both information and physical, is
dynamic. Performing an assessment shows an overview, which can turn up false positives and false
negatives.
Security administrators are only as good as the tools they use and the knowledge they retain. Take any
of the assessment tools currently available, run them against your system, and it is almost a guarantee
that there are some false positives. Whether by program fault or user error, the result is the same. The
tool may find vulnerabilities which in reality do not exist (false positive); or, even worse, the tool may not
find vulnerabilities that actually do exist (false negative).
Now that the difference between a vulnerability assessment and a penetration test is defined, take the
findings of the assessment and review them carefully before conducting a penetration test as part of
your new best practices approach.
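As an added illustration (not part of the original guide), the following Python code reconciles a tool's findings with manual review notes, so that false positives and false negatives are separated out per viewpoint before any penetration test is planned. The record format, the status names and all sample data are constructed for this example.

```python
# Added example; the record layout and all sample data are constructed.
from collections import defaultdict
# Scanner output: viewpoint, host, port, check name (hypothetical format).
SCAN_REPORT = """\
external 192.0.2.10 80 outdated-http-server
external 192.0.2.10 21 anonymous-ftp
internal 10.0.0.5 445 smb-signing-disabled
internal 10.0.0.7 3306 db-default-account
"""

# Manual review notes: same key plus the reviewer's verdict (present/absent).
REVIEW_NOTES = """\
external 192.0.2.10 80 outdated-http-server absent
external 192.0.2.10 21 anonymous-ftp present
internal 10.0.0.5 445 smb-signing-disabled present
internal 10.0.0.9 22 weak-ssh-password present
"""

def parse(text, width):
    """Split each non-empty line into exactly `width` fields; reject bad lines."""
    rows = [tuple(line.split()) for line in text.splitlines() if line.strip()]
    for row in rows:
        if len(row) != width:
            raise ValueError(f"expected {width} fields, got {row!r}")
    return rows

def triage(scan_text, review_text):
    """Classify findings per viewpoint by comparing scanner output with review."""
    reported = set(parse(scan_text, 4))
    verdicts = {row[:4]: row[4] for row in parse(review_text, 5)}
    result = defaultdict(lambda: defaultdict(list))
    for key in sorted(reported | set(verdicts)):
        verdict = verdicts.get(key)
        if key in reported and verdict == "present":
            status = "confirmed"        # reviewed and real
        elif key in reported and verdict == "absent":
            status = "false_positive"   # tool reported a hole that is not there
        elif key in reported:
            status = "unreviewed"       # review it before any penetration test
        elif verdict == "present":
            status = "false_negative"   # real hole the tool did not find
        else:
            continue                    # reviewed as absent and never reported
        result[key[0]][status].append(key[1:])
    return {view: dict(groups) for view, groups in result.items()}

if __name__ == "__main__":
    for view, groups in triage(SCAN_REPORT, REVIEW_NOTES).items():
        print(view, groups)
```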
Warning
Attempting to exploit vulnerabilities on production resources can have adverse effects on the
productivity and efficiency of your systems and network.
The following list examines some of the benefits to performing vulnerability assessments.
Creates proactive focus on information security
Finds potential exploits before crackers find them
Chapter 8. Vulnerability Assessment
Results in systems being kept up to date and patched
Promotes growth and aids in developing staff expertise
Abates financial loss and negative publicity
8.2.1. Establishing a Methodology
To aid in the selection of tools for a vulnerability assessment, it is helpful to establish a vulnerability
assessment methodology. Unfortunately, there is no predefined or industry approved methodology at
this time; however, common sense and best practices can act as a sufficient guide.
What is the target? Are we looking at one server, or are we looking at our entire network and everything
within the network? Are we external or internal to the company? The answers to these questions are
important as they help determine not only which tools to select but also the manner in which they are
used.
To learn more about establishing methodologies, refer to the following websites:
http://www.isecom.org/projects/osstmm.htm - The Open Source Security Testing Methodology
Manual (OSSTMM)
http://www.owasp.org/ - The Open Web Application Security Project
8.3. Evaluating the Tools
An assessment can start by using some form of an information gathering tool. When assessing the
entire network, map the layout first to find the hosts that are running. Once located, examine each host