Guys/Gals,
Am gonna be taking a look at an Enterprise' network from a security perspective. With respect to figuring out the loopholes in the n/w from inside and out i need suggestions on the following:
Tools to use..(Saint, nessus, nmap....etc) Methodology to be followed Network and OS Exploits to test the n/w for Understanding and looking for holes in perimeter and
DMZ zones.
Pointers to docs/infomation with respect to the same will be highly appreciated. Thanks in advance folks.
Trevor
===== ( >- -< ) /~\ ______________________________________ /~\ | ) / Scaling FLOSS in the Enterprise \ (/ | |_|_ \ trevorwarren@yahoo.com / _|_| ____________________________________/
__________________________________ Do you Yahoo!? Yahoo! Mail is new and improved - Check it out! http://promotions.yahoo.com/new_mail
do not miss websites like www.grc.com, which has a free network firewall audit, with any or possible loopholes. one of the best unbiased websites for network security.
Regards Yayati.
--- Trevor Warren trevorwarren@yahoo.com wrote: >
Guys/Gals,
Am gonna be taking a look at an Enterprise' network from a security perspective. With respect to figuring out the loopholes in the n/w from inside and out i need suggestions on the following:
Tools to use..(Saint, nessus, nmap....etc) Methodology to be followed Network and OS Exploits to test the n/w for Understanding and looking for holes in perimeter
and DMZ zones.
Pointers to docs/infomation with respect to the same will be highly appreciated. Thanks in advance folks.
Trevor
===== ( >- -< ) /~\ ______________________________________ /~\ | ) / Scaling FLOSS in the Enterprise \ (/ | |_|_ \ trevorwarren@yahoo.com / _|_| ____________________________________/
__________________________________ Do you Yahoo!? Yahoo! Mail is new and improved - Check it out! http://promotions.yahoo.com/new_mail
________________________________________________________________________ Yahoo! India Careers: Over 65,000 jobs online Go to: http://yahoo.naukri.com/
Tools to use..(Saint, nessus, nmap....etc) Methodology to be followed Network and OS Exploits to test the n/w for Understanding and looking for holes in perimeter
and DMZ zones.
Pointers to docs/infomation with respect to the same will be highly appreciated. Thanks in advance
folks.
Trevor
<snip> Starting point would be Current Status Assessment, which includes Interviewing Key IT security personnels. Existing document review - Internal Technical Security & Policy Procedures.
Second step would be to conduct a GAP Analysis in this process there would be Technical Risk assement & Procedural Risk Assessment Your Technical Risk Assessment is where you would conduct activities like Vulnerability Assessment and Penetration Testing. ( Here u can use tools mentioned above. ) Under Procedural Risk Assessment there would Device Risk Assessment, This process is a checklist driven activity. Then comes your Qualitative Risk Assessment and Quantitative Risk Assessment.
Consolidating all above you would then submit a GAP analysis draft, which includes the discussion you had with client and recommended suggestions on the finding.
Followed by it would be a Post Implementation Audit, which takes care of the recommendation suggested in your report.
Regards, Animesh.
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
-
Animesh Singh -
Trevor Warren -
yayati singh