Home page logo
/

basics logo Security Basics mailing list archives

RE: Conducting vulnerability assessment for the first time
From: "Bill Hardstone" <rhardstone () eudoramail com>
Date: Tue, 06 Apr 2004 20:54:34 -0400

Hello All, 

Sorry for a late response...

Thanks to everyone who responded. I ended up deligating this part of the engagement to another resource that will 
report findings to me. 

I realized some of the issues as I was putting together the project plan for this client. The key issue being time 
limitation to ramp up...

Thanks again everyone for their input/ suggestions. 

~Bill
--

--------- Original Message ---------

DATE: Fri, 19 Mar 2004 11:52:02
From: "Rosado, Rafael (Rafael)" <rarosado () lucent com>
To: rhardstone () eudoramail com
Cc: security-basics () securityfocus com

Bill,

If you have never performed a Vulnerability Assessment, I would suggest that
you take a course from SANS (or other vendors, although SANS is probably the
best, Foundstone through GlobalKnowledge is also excellent) before
performing the work for your customer.  Regarding a Pen Test, these require
a large amount of knowledge/experience, so you are probably best suited
contracting a company that has done it extensively and learn from them (and
taking technically detailed training on these).

When performing these reviews for customers, there is a large amount of
liability you are exposing yourself to, so you are best suited working with
other companies and taking in-depth training before attempting to perform
these types of reviews on your own.

I would be happy to speak with you offline on these topics.

Rafael Rosado, CISSP, CISA
Network Security Manager
Lucent Technologies
IT Infrastructure - Network Design
2400 SW 145th Avenue 
Miramar, Florida 33027 
Office: 954-885-2176 
Facsimile: 954-885-3861 
Email: rarosado () lucent com 

This electronic mail message contains information belonging to Lucent
Technologies, which may be confidential and/or legal privileged. The
information is intended only for the use of the individual or entity named
above. If you are not the intended recipient, you are hereby notified that
any disclosure, printing, copying, distribution, or the taking of any action
in reliance on the contents of this electronically mailed information is
strictly prohibited. If you receive this message in error, please
immediately notify us by electronic mail and delete this message.

-----Original Message-----
From: Bill Hardstone [mailto:rhardstone () eudoramail com] 
Sent: Friday, March 19, 2004 7:09 AM
To: security-basics () securityfocus com
Subject: Conducting vulnerability assessment for the first time

I am tasked to perform network vulnerability assessments for a provider
customer

I am searching for ...

1.     What are the tools out there to perform vulnerability assessments
(port scanner, network mapper, etc.)
2.     What is the difference between vulnerability assessment and
penetration testing
3.     Are there best practices that can be utilized to perform the
assessments and to report its findings

Any help will be appreciated.

Bill.




Need a new email address that people can remember Check out the new
EudoraMail at http://www.eudoramail.com

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------





Need a new email address that people can remember
Check out the new EudoraMail at
http://www.eudoramail.com

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • RE: Conducting vulnerability assessment for the first time Bill Hardstone (Apr 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault