Penetration Testing mailing list archives

Re: [PEN-TEST] Sample penetration report


From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Tue, 22 Aug 2000 17:23:53 -0700

Here is an outline that has been used by several different organizations
over the years and in some cases is still being used by some of the larger
security consulting practices:


Executive Summary
Findings
Recommendations

Introduction
Purpose and Scope
Network Map
Remote Dial-in Map
Findings and Recommendations

Organizational and Procedural Issues
Network Security Responsibility
Internal Restrictions
Network-Wide Vulnerabilities
Firewall
Intrusion Detection and Security Monitoring
Host Vulnerabilities
Dial-in Vulnerabilities
Password Issues
Network Vulnerabilities

Recommendations

Industry Best Practices
Network Considerations
Network Addressing
Firewalls
Automated Systems
Intrusion Detection and Security Monitoring
Vulnerability Scanning
Host Considerations
System Banners
Dial-in Access
Remote Management of Network Infrastructure Devices
Centralized Security Authority

Informational Services

User Authentication
Passwords
Password Administration
Password Structure and Policy

Appendix

Assessment Process Overview
Background
Security as an Operational Process
Security Posture Defined
Assessment Process
Network Discovery
Target System and Vulnerability Identification
Data Analysis and Security Design Review


At 03:46 PM 8/21/00 -0400, Christopher M. Bergeron wrote:
Can anyone point me to a sample penetration test / vulnerability analysis
report somewhere?  What types of things does one usually put in such a
report?

