TABLE OF CONTENTS This chapter covers the vulnerability scanning and host evaluation portions of the IEM (see Figure 9.1). Vulnerability scanning is conducted from the network perspective, and host evaluations are conducted directly on the target components or systems. You will more than likely have a different view of the system when you re at the console than when you re evaluating the systems from the network.
In this chapter we define vulnerability scanning and the goals of these scans in relation to the IEM. We also discuss current vulnerability and attack trends. Then we break out the vulnerability scanning tools (a.k.a. The Fun Part) and gather some findings! Of course, after gathering our findings from the vulnerability scans, we will need to validate and document them (a.k.a. The Not-So-Fun Part). As you can see from Figure 9.2, vulnerabilities play a key role in the management of risk and an organization s INFOSEC posture.
The goal of this section of the evaluation is to identify vulnerabilities within the organization. Following the vulnerability-scanning portion of the chapter, we examine host evaluations and define their goals in relation to the IEM. We also discuss what to look for during host evaluations, go over the use of benchmark scripts, and map our host evaluation findings back to the IEM after validating the findings, of course!
Computer Emergency Response Team (CERT) was created in November 1988, just after the Morris Worm hit, and...
