From Network Security Assessment: From Vulnerability to Patch
Introduction
In the preceding chapter, we talked about the boring but necessary first steps of conducting a vulnerability assessment. This chapter will expand on that and move into the more enjoyable steps of actually identifying and confirming vulnerable systems. This is an appropriate topic, because now is the perfect time to demonstrate why a good VA program is required: as we were putting together this chapter, the information technology (IT) world was scrambling to deal with a new form of malware that was exploiting an issue with the Microsoft Windows Server Service. Although some organizations were on high alert and their IT staff were being worked to death dealing with this threat, other organizations were calm and in a business-as-usual mindset because they had a proper vulnerability assessment (VA) methodology in place.
In this case, and really in any case where a new threat is exploited in the wild, just by following the steps outlined in the preceding chapter, an organization would already have a list of systems that it needs to check for the existence of a threat, as well as a list of systems that it should not waste time checking. This chapter will take you through the steps of scanning not only for specific threats, but also for every known vulnerability in existence.
One thing to remember when performing any vulnerability assessment, or even a penetration test, for that matter, is that you are conducting a point-in-time assessment. To borrow from a famous Bruce Schneier quote: Vulnerability management is...