Inside Network Security Assessment: Guarding Your IT Infrastructure [With CDROM]
✍ Scribed by ProQuest.; Gregg, Michael C.; Kim, David
- Publisher
- Sams
- Year
- 2005;2006
- Tongue
- English
- Leaves
- 311
- Category
- Library
✦ Synopsis
As an IT professional, you need to know how to perform network security assessments. Inside "Network Security Assessment: Guarding Your IT Infrastructure" is a collection of utilities and templates that will take you through the assessment process. Written by two highly qualified authors with close ties to the International Information Systems Security Certification Consortium, this book was developed with the goal of being a text for the CISSP continuing education class on Network Security Assessment. You will be provided with step-by-step training on assessing security, from paperwork to penetration testing to ethical hacking. You'll save everyone time and money by learning to perform security assessments yourself with the help of "Inside Network Security Assessment."
✦ Table of Contents
Cover......Page 1
Contents......Page 5
Introduction......Page 16
What Security Is and Isn't......Page 20
Process for Assessing Risk......Page 21
Four Ways in Which You Can Respond to Risk......Page 22
Types of Network Vulnerability Assessments......Page 23
What Procedures Govern the Vulnerability Assessment?......Page 25
The Role of Policies in the Vulnerability Assessment......Page 26
What Drives the Assessment?......Page 27
Importance of Setting and Maintaining a Schedule for Assessments......Page 29
Key Terms......Page 31
Basic Security Principles......Page 34
Governmental Information Classification System......Page 36
Classification Criteria......Page 37
The Policy Framework......Page 38
Types of Policies......Page 39
Deploying Policy......Page 40
Authentication......Page 42
Authorization......Page 44
Accountability......Page 45
Encryption......Page 46
Security and the Employee (Social Engineering)......Page 47
Key Terms......Page 48
3 Why Risk Assessment......Page 52
Risk Terminology......Page 53
Laws, Mandates, and Regulations......Page 60
Health Insurance Portability and Accountability Act (HIPAA)......Page 61
Gramm-Leach-Bliley-Act (GLBA)......Page 62
Federal Information Security Management Act (FISMA)......Page 63
Sarbanes-Oxley Act (SOX)......Page 64
Risk Assessment Best Practices......Page 67
Understanding the IT Security Process......Page 70
The Goals and Objectives of a Risk Assessment......Page 73
Security Process Definition......Page 74
Goals and Objectives of a Risk and Vulnerability Assessment......Page 75
Summary......Page 76
Key Terms......Page 77
Risk-Assessment Terminology......Page 80
Risk-Management and Risk-Assessment Requirements......Page 81
Defense-in-Depth Approach for Risk Assessments......Page 82
Asset Valuation Approach for Risk Assessments......Page 84
Quantitative and Qualitative Risk-Assessment Approaches......Page 85
Quantitative Risk-Assessment Approach......Page 86
Qualitative Risk-Assessment Approach......Page 89
Quantitative Risk-Assessment Best Practices......Page 90
Qualitative Risk-Assessment Best Practices......Page 91
Choosing the Best Risk-Assessment Approach......Page 92
Common Risk-Assessment Methodologies and Templates......Page 94
Summary......Page 96
Key Terms......Page 97
Defining the Scope of the Assessment......Page 100
Driving Events......Page 101
Initial Meeting......Page 103
Becoming the Project Manager......Page 104
Staffing the Assessment Team......Page 105
Kickoff Meeting......Page 106
Building the Assessment Timeline......Page 108
Information Criticality Matrix......Page 110
Systems Criticality Matrix......Page 116
Compiling the Needed Documentation......Page 117
Making Sure You Are Ready to Begin......Page 119
Key Terms......Page 120
6 Understanding the Attacker......Page 122
Who Are the Attackers?......Page 123
Attacker Types and Their Characteristics......Page 124
Insecure Computing Habits Are a Threat......Page 126
Disgruntled Employees Are a Threat......Page 127
What Do Attackers Do?......Page 128
Four Kinds of Attacks......Page 129
Things That Attackers Attack......Page 134
Goals and Motivations of the Attacker......Page 136
Attackers Conduct Their Own Risk Analysis......Page 137
How Do Attackers Attack?......Page 138
Tools That Attackers Use During the Stages of an Attack......Page 139
Reducing the Risk of an Attack......Page 146
How to Respond to an Attack......Page 148
Summary......Page 149
Key Terms......Page 150
Introducing the Assessment Process......Page 154
Reviewing the Documentation......Page 156
Interviewing Process Owners and Employees......Page 169
System Demonstrations......Page 171
Level II: Assessments......Page 172
Level III: Assessments......Page 173
Vulnerability Exploitation......Page 174
Key Terms......Page 175
A Brief History of Security Tools......Page 178
Information-Gathering Tools and Techniques......Page 179
Scanning Tools......Page 182
Enumeration Tools......Page 186
Wireless Tools......Page 189
Password Auditing Tools......Page 191
Vulnerability Scanning Tools......Page 194
Automated Exploit and Assessment Tools......Page 198
Additional Items for the Toolkit......Page 200
Key Terms......Page 201
Preparing for Analysis......Page 204
Ranking Your Findings......Page 205
Impact Rating......Page 206
Determining Raw Risk......Page 207
Control Level......Page 208
Calculating the Risk Score......Page 209
Building the Final Report......Page 210
Notice......Page 211
Statement of Work......Page 212
Analysis......Page 213
Findings......Page 215
Determining the Next Step......Page 217
Summary......Page 218
Key Terms......Page 219
10 Post-Assessment Activities......Page 222
Goals and Objectives......Page 223
Terminology......Page 224
Defining the Structure and Hierarchy......Page 225
Hierarchical IT Security Architecture and Framework......Page 228
Sample IT Security Architecture and Framework......Page 230
Roles, Responsibilities, and Accountabilities......Page 232
Seven Areas of Information Security Responsibility......Page 233
Security Incident Response Team (SIRT)......Page 237
SIRT Response Procedures......Page 238
Security Workflow Definitions......Page 239
Security Workflow Procedures......Page 240
Vulnerability Management......Page 242
Training IT Staff and End Users......Page 243
Summary......Page 246
Key Terms......Page 247
ISO17799......Page 250
NIST......Page 251
General Security Websites......Page 253
Security Tool Websites......Page 254
Information Request Form......Page 256
Document Tracking Form......Page 258
Critical Systems and Information Forms......Page 259
Level II: Assessment Forms......Page 260
C: Security Assessment Sample Report......Page 262
Executive Summary......Page 263
Analysis......Page 264
Conclusions......Page 265
D: Dealing with Consultants and Outside Vendors......Page 266
Procurement Terminology......Page 267
Typical RFP Procurement Steps......Page 269
Procurement Best Practices......Page 273
SIRT Incident Report......Page 276
A......Page 280
B......Page 283
C......Page 284
D......Page 285
E......Page 287
F......Page 288
H......Page 289
I......Page 290
J-K-L......Page 292
M......Page 293
N......Page 294
P......Page 295
Q-R......Page 298
S......Page 302
T......Page 305
U......Page 306
W......Page 307
X-Y-Z......Page 308
📜 SIMILAR VOLUMES
Build a network security threat model with this comprehensive learning guide. Key Features: Develop a network security threat model for your organization; Gain hands-on experience in working with network scanning and analyzing tools; Learn to secure your network inf
How secure is your network? The best way to find out is to attack it. Network Security Assessment provides you with the tricks and tools professional security consultants use to identify and assess risks in Internet-based networks-the same penetration testing model they use to secure government, mil
How secure is your network? The best way to find out is to attack it, using the same tactics attackers employ to identify and exploit weaknesses. With the third edition of this practical book, you’ll learn how to perform network-based penetration testing in a structured manner. Security expert Chris
How secure is your network? The best way to find out is to attack it. This book gives you the tools and methods that professional security analysts use to identify and assess risks in government, military and commercial networks.