Record:   Prev Next
Author Manzuik, Steve
Title Network Security Assessment
Imprint Rockland : Elsevier Science & Technology Books, 2006
©2006
book jacket
Descript 1 online resource (412 pages)
text txt rdacontent
computer c rdamedia
online resource cr rdacarrier
Note Front Cover -- Network Security Assessment: From Vulnerability to Patch -- Copyright Page -- Contents -- Foreword -- Chapter 1. Windows of Vulnerability -- Introduction -- What Are Vulnerabilities? -- Understanding the Risks Posed by Vulnerabilities -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 2. Vulnerability Assessment 101 -- Introduction -- What is a Vulnerability Assessment? -- Seeking Out Vulnerabilities -- Detecting Vulnerabilities via Security Technologies -- The Importance of Seeking Out Vulnerabilities Looking Closer at the Numbers -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 3. Vulnerability Assessment Tools -- Introduction -- Features of a Good Vulnerability Assessment Tool -- Using a Vulnerability Assessment Tool -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 4. Vulnerability Assessment: Step One -- Introduction -- Know Your Network -- Classifying Your Assets -- I Thought This Was a Vulnerability Assessment Chapter -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 5. Vulnerability Assessment: Step Two -- Introduction -- An Effective Scanning Program -- Scanning Your Network -- When to Scan -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 6. Going Further -- Introduction -- Types of Penetration Tests -- Scenario: An Internal Network Attack -- Penetration Testing -- Vulnerability Assessment versus a Penetration Test -- Internal versus External -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 7. Vulnerability Management -- Introduction -- The Vulnerability Management Plan -- The Six Stages of Vulnerability Management -- Governance (What the Auditors Want to Know) -- Measuring the Performance of a Vulnerability Management Program
Common Problems with Vulnerability Management -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 8. Vulnerability Management Tools -- Introduction -- The Perfect Tool in a Perfect World -- Evaluating Vulnerability Management Tools -- Commercial Vulnerability Management Tools -- Open Source and Free Vulnerability Management Tools -- Managed Vulnerability Services -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 9. Vulnerability and Configuration Management -- Introduction -- What is Vulnerability Management? -- Patch Management -- Building a Patch Test Lab -- Patch Distribution and Deployment -- Configuration Management -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 10. Regulatory Compliance -- Introduction -- Regulating Assessments and Pen Tests -- Drafting an Information Security Program -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 11. Tying It All Together -- Introduction -- A Vulnerability Management Methodology -- Step One: Know Your Assets -- Step Two: Categorize Your Assets -- Step Three: Create a Baseline Scan of Assets -- Step Four: Perform a Penetration Test on Certain Assets -- Step Five: Remediate Vulnerabilities and Risk -- Step Six: Create a Vulnerability Assessment Schedule -- Step Seven: Create a Patch and Change Management Process -- Step Eight: Monitor for New Risks to Assets -- Summary -- Appendix A. Legal Principles for Information Security Evaluations -- Introduction -- Uncle Sam Wants You: How Your Company's Information Security Can Affect U.S. National Security (and Vice Versa) -- Legal Standards Relevant to Information Security -- Do It Right or Bet the Company: Tools to Mitigate Legal Liability -- What to Cover in IEM Contracts64 -- The First Thing We Do...? Why You Want Your Lawyers Involved From Start to Finish
Solutions Fast Track -- Frequently Asked Questions -- References -- Appendix B. Examples of INFOSEC Tools by Baseline Activity -- Index
This book will take readers from the discovery of vulnerabilities and the creation of the corresponding exploits, through a complete security assessment, all the way through deploying patches against these vulnerabilities to protect their networks. This is unique in that it details both the management and technical skill and tools required to develop an effective vulnerability management system. Business case studies and real world vulnerabilities are used through the book. It starts by introducing the reader to the concepts of a vulnerability management system. Readers will be provided detailed timelines of exploit development, vendors' time to patch, and corporate path installations. Next, the differences between security assessment s and penetration tests will be clearly explained along with best practices for conducting both. Next, several case studies from different industries will illustrate the effectiveness of varying vulnerability assessment methodologies. The next several chapters will define the steps of a vulnerability assessment including: defining objectives, identifying and classifying assets, defining rules of engagement, scanning hosts, and identifying operating systems and applications. The next several chapters provide detailed instructions and examples for differentiating vulnerabilities from configuration problems, validating vulnerabilities through penetration testing. The last section of the book provides best practices for vulnerability management and remediation. * Unique coverage detailing both the management and technical skill and tools required to develop an effective vulnerability management system * Vulnerability management is rated the #2 most pressing concern for security professionals in a poll conducted by Information Security Magazine * Covers in the detail the vulnerability management lifecycle from discovery
through patch
Description based on publisher supplied metadata and other sources
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2020. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries
Link Print version: Manzuik, Steve Network Security Assessment: from Vulnerability to Patch Rockland : Elsevier Science & Technology Books,c2006 9781597491013
Subject Computer networks -- Security measures.;Computer security -- Evaluation -- Methodology
Electronic books
Alt Author Pfeil, Ken
Gold, Andrew
Record:   Prev Next