Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: (forw) NIST Draft Special Publication 42, Guideline on Network Security Testing

(forw) NIST Draft Special Publication 42, Guideline on Network Security Testing

From: <aleph1_at_securityfocus.com>
Date: Tue, 5 Feb 2002 08:06:08 -0700

----- Forwarded message from Patrick O'Reilly <patrick.oreilly_at_nist.gov> -----

From: "Patrick O'Reilly" <patrick.oreilly_at_nist.gov>
Reply-To: patrick.oreilly_at_nist.gov
To: Multiple recipients of list <compsecpubs_at_nist.gov>
Subject: NIST Draft Special Publication 42, Guideline on Network Security Testing
Date: Tue, 5 Feb 2002 08:42:53 -0500 (EST)
Message-Id: <5.1.0.14.2.20020205082902.025e7888_at_email.nist.gov>
X-Mailer: QUALCOMM Windows Eudora Version 5.1

February 4, 2002 -- Draft Special Publication 42, Guideline on Network
Security Testing, is now available for public comment. This document
describes a methodology for using network-based tools for testing systems
for vulnerabilities. The primary aim of the document is to help
administrators and managers get started with a program for testing on a
routine basis. The methodology recommends focusing first on those systems
that are accessible externally, e.g., firewalls, web servers, etc., and
then moving on to other systems as resources permit. The document includes
many pointers to various testing applications and contains more detailed
descriptions of several of the more popular test tools.

NIST is particularly interested in comments regarding the testing
schedules, especially the frequency of certain tests - are they realistic
for your environment, should certain tests be run more frequently or less,
do you recommend other types of tests or tools? Comments and questions are
requested by March 6, 2002. Please send comments and questions to
john.wack_at_nist.gov.

Here is the URL to the Drafts web page. This document is the first bullet
item on this page: <http://csrc.nist.gov/publications/drafts.html>

----- End forwarded message ----- 

-- 
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Feb 05 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]