TABLE OF CONTENTS This chapter covers the remainder of the scanning, or hands-on, portion of the IEM. As mentioned in the previous chapter, you will more than likely have a different view of the system when you re at the console than when you re evaluating the system from the network. The same can be said of the remaining tasks, in regard to the organization s INFOSEC posture. By conducting network device analysis, password-compliance testing (more commonly known as password cracking, but we aren t supposed to call it that anymore), application-specific scanning, and network protocol analysis, we should finally have the big picture when it comes to the organization and the status of its INFOSEC resources. It sounds like there is still a lot left to do. And there is; but the tasks go quickly, so don t worry too much.
In this chapter we fine-tune the evaluation. Our goals are to evaluate network devices (routers, firewalls, intrusion detection systems [IDSs], and the like), conduct password-compliance testing, perform application-specific scanning (on Web servers, databases, and e-mail servers), and do a bit of network protocol analysis. All these tasks flesh out the evaluation team s understanding of the organization s environment. And unless the evaluation team needs to conduct retesting, these tasks represent the last of the hands-on testing part of the IEM process (see Figure 10.1).
Let s get to work.
The part we refer to as network device analysis or evaluation is where you examine the...
