Security Basics mailing list archives
RE: Conducting vulnerability assessment for the first time
From: "Bill Hardstone" <rhardstone () eudoramail com>
Date: Tue, 06 Apr 2004 20:54:34 -0400
Hello All,

Sorry for a late response... Thanks to everyone who responded. I ended up delegating this part of the engagement to another resource that will report findings to me. I realized some of the issues as I was putting together the project plan for this client. The key issue being time limitation to ramp up...

Thanks again everyone for their input/suggestions.

~Bill

--------- Original Message ---------
DATE: Fri, 19 Mar 2004 11:52:02
From: "Rosado, Rafael (Rafael)" <rarosado () lucent com>
To: rhardstone () eudoramail com
Cc: security-basics () securityfocus com
Bill,

If you have never performed a Vulnerability Assessment, I would suggest that you take a course from SANS (or other vendors, although SANS is probably the best, Foundstone through GlobalKnowledge is also excellent) before performing the work for your customer.

Regarding a Pen Test, these require a large amount of knowledge/experience, so you are probably best suited contracting a company that has done it extensively and learn from them (and taking technically detailed training on these).

When performing these reviews for customers, there is a large amount of liability you are exposing yourself to, so you are best suited working with other companies and taking in-depth training before attempting to perform these types of reviews on your own.

I would be happy to speak with you offline on these topics.

Rafael Rosado, CISSP, CISA
Network Security Manager
Lucent Technologies
IT Infrastructure - Network Design
2400 SW 145th Avenue
Miramar, Florida 33027
Office: 954-885-2176
Facsimile: 954-885-3861
Email: rarosado () lucent com

-----Original Message-----
From: Bill Hardstone [mailto:rhardstone () eudoramail com]
Sent: Friday, March 19, 2004 7:09 AM
To: security-basics () securityfocus com
Subject: Conducting vulnerability assessment for the first time

I am tasked to perform network vulnerability assessments for a provider customer. I am searching for ...

1. What are the tools out there to perform vulnerability assessments (port scanner, network mapper, etc.)
2. What is the difference between vulnerability assessment and penetration testing
3. Are there best practices that can be utilized to perform the assessments and to report its findings

Any help will be appreciated.

Bill.
Current thread:
- RE: Conducting vulnerability assessment for the first time Bill Hardstone (Apr 07)