RE: Conducting vulnerability assessment for the first time

From: Bill Hardstone (rhardstone_at_eudoramail.com)
Date: 04/07/04

    To: rhardstone@eudoramail.com, "Rosado, Rafael (Rafael)" <rarosado@lucent.com>
    Date: Tue, 06 Apr 2004 20:54:34 -0400
    
    

    Hello All,

    Sorry for a late response...

    Thanks to everyone who responded. I ended up delegating this part of the engagement to another resource that will report findings to me.

    I realized some of the issues as I was putting together the project plan for this client. The key issue being time limitation to ramp up...

    Thanks again everyone for their input/suggestions.

    ~Bill

    --
    --------- Original Message ---------
    DATE: Fri, 19 Mar 2004 11:52:02
    From: "Rosado, Rafael (Rafael)" <rarosado@lucent.com>
    To: rhardstone@eudoramail.com
    Cc: security-basics@securityfocus.com
    >Bill,
    >
    >If you have never performed a Vulnerability Assessment, I would suggest that
    >you take a course from SANS (or other vendors, although SANS is probably the
    >best, Foundstone through GlobalKnowledge is also excellent) before
    >performing the work for your customer.  Regarding a Pen Test, these require
    >a large amount of knowledge/experience, so you are probably best suited
    >contracting a company that has done it extensively and learn from them (and
    >taking technically detailed training on these).
    >
    >When performing these reviews for customers, there is a large amount of
    >liability you are exposing yourself to, so you are best suited working with
    >other companies and taking in-depth training before attempting to perform
    >these types of reviews on your own.
    >
    >I would be happy to speak with you offline on these topics.
    >
    >Rafael Rosado, CISSP, CISA
    >Network Security Manager
    >Lucent Technologies
    >IT Infrastructure - Network Design
    >2400 SW 145th Avenue 
    >Miramar, Florida 33027 
    >Office: 954-885-2176 
    >Facsimile: 954-885-3861 
    >Email: rarosado@lucent.com 
    >
    >-----Original Message-----
    >From: Bill Hardstone [mailto:rhardstone@eudoramail.com] 
    >Sent: Friday, March 19, 2004 7:09 AM
    >To: security-basics@securityfocus.com
    >Subject: Conducting vulnerability assessment for the first time
    >
    >I am tasked to perform network vulnerability assessments for a provider
    >customer
    >
    >I am searching for ...
    >
    >1.	What are the tools out there to perform vulnerability assessments
    >(port scanner, network mapper, etc.)
    >2.	What is the difference between vulnerability assessment and
    >penetration testing
    >3.	Are there best practices that can be utilized to perform the
    >assessments and to report its findings
    >
    >Any help will be appreciated.
    >
    >Bill.
