(forw) NIST Draft Special Publication 42, Guideline on Network Security Testing

From: aleph1@securityfocus.com
Date: 02/05/02


Date: Tue, 5 Feb 2002 08:06:08 -0700
From: aleph1@securityfocus.com
To: secpapers@securityfocus.com, pen-test@securityfocus.com


----- Forwarded message from Patrick O'Reilly <patrick.oreilly@nist.gov> -----

From: "Patrick O'Reilly" <patrick.oreilly@nist.gov>
Reply-To: patrick.oreilly@nist.gov
To: Multiple recipients of list <compsecpubs@nist.gov>
Subject: NIST Draft Special Publication 42, Guideline on Network Security Testing
Date: Tue, 5 Feb 2002 08:42:53 -0500 (EST)
Message-Id: <5.1.0.14.2.20020205082902.025e7888@email.nist.gov>
X-Mailer: QUALCOMM Windows Eudora Version 5.1

February 4, 2002 -- Draft Special Publication 42, Guideline on Network
Security Testing, is now available for public comment. This document
describes a methodology for using network-based tools for testing systems
for vulnerabilities. The primary aim of the document is to help
administrators and managers get started with a program for testing on a
routine basis. The methodology recommends focusing first on those systems
that are accessible externally, e.g., firewalls, web servers, etc., and
then moving on to other systems as resources permit. The document includes
many pointers to various testing applications and contains more detailed
descriptions of several of the more popular test tools.

NIST is particularly interested in comments regarding the testing
schedules, especially the frequency of certain tests - are they realistic
for your environment, should certain tests be run more frequently or less,
do you recommend other types of tests or tools? Comments and questions are
requested by March 6, 2002. Please send comments and questions to
john.wack@nist.gov.

Here is the URL to the Drafts web page. This document is the first bullet
item on this page: <http://csrc.nist.gov/publications/drafts.html>

----- End forwarded message -----

-- 
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum



