Security Basics mailing list archives

Re: Vulnerability Assessment Checklists?
From: H Carvey <keydet89 () yahoo com>
Date: 2 Dec 2003 16:29:48 -0000

In-Reply-To: <BAY2-F52x8VUkRacUtI000005ed () hotmail com>


> Since I've never evaluated the security posture of a company before I could
> use some resources on how to best get started. They run the gamut from P2P
> to WANs. Of course, I want to give them some value while gaining valuable
> experience for my resume.

From my experience, the best way to "add value" to something like an assessment is to evaluate security based on 
their business processes and needs.  Technical information is easy to obtain...it wasn't too long ago that "security 
consulting firms" simply had their "consultants" run ISS.  Even now, many reputable firms don't do much beyond running 
a commercial scanning tool.

The real value comes when you can assess the security based on the business needs/processes of the client, and provide 
reasonable recommendations for improvement, if they're called for.  The things you mentioned...P2P, WAN, etc...are all 
part of the picture.  You'll want to look at a variety of areas, including but not limited to WLAN, user acct mgmt, 
host-based security, etc, etc.

Hope that helps.  Contact me off list if you want to discuss this.


