Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

(forw) NIST Draft Special Publication 42, Guideline on Network Security Testing

From: aleph1 () securityfocus com
Date: Tue, 5 Feb 2002 08:06:08 -0700
----- Forwarded message from Patrick O'Reilly <patrick.oreilly () nist gov> -----

From: "Patrick O'Reilly" <patrick.oreilly () nist gov>
Reply-To: patrick.oreilly () nist gov
To: Multiple recipients of list <compsecpubs () nist gov>
Subject: NIST Draft Special Publication 42, Guideline on Network Security Testing
Date: Tue, 5 Feb 2002 08:42:53 -0500 (EST)
Message-Id: <5.1.0.14.2.20020205082902.025e7888 () email nist gov>
X-Mailer: QUALCOMM Windows Eudora Version 5.1


February 4, 2002 -- Draft Special Publication 42, Guideline on Network 
Security Testing, is now available for public comment. This document 
describes a methodology for using network-based tools for testing systems 
for vulnerabilities.  The primary aim of the document is to help 
administrators and managers get started with a program for testing on a 
routine basis. The methodology recommends focusing first on those systems 
that are accessible externally, e.g., firewalls, web servers, etc., and 
then moving on to other systems as resources permit. The document includes 
many pointers to various testing applications and contains more detailed 
descriptions of several of the more popular test tools.

NIST is particularly interested in comments regarding the testing 
schedules, especially the frequency of certain tests - are they realistic 
for your environment, should certain tests be run more frequently or less, 
do you recommend other types of tests or tools? Comments and questions are 
requested by March 6, 2002. Please send comments and questions to 
john.wack () nist gov.

Here is the URL to the Drafts web page.  This document is the first bullet 
item on this page: <http://csrc.nist.gov/publications/drafts.html>


----- End forwarded message -----

-- 
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: