RE: Conducting vulnerability assessment for the first time
From: Bill Hardstone (rhardstone_at_eudoramail.com)
Date: 04/07/04
To: rhardstone@eudoramail.com, "Rosado, Rafael (Rafael)" <rarosado@lucent.com>
Date: Tue, 06 Apr 2004 20:54:34 -0400
Hello All,
Sorry for a late response...
Thanks to everyone who responded. I ended up delegating this part of the engagement to another resource that will report findings to me.
I realized some of the issues as I was putting together the project plan for this client. The key issue being time limitation to ramp up...
Thanks again everyone for their input/suggestions.
~Bill
--
--------- Original Message ---------
DATE: Fri, 19 Mar 2004 11:52:02
From: "Rosado, Rafael (Rafael)" <rarosado@lucent.com>
To: rhardstone@eudoramail.com
Cc: security-basics@securityfocus.com
>Bill,
>
>If you have never performed a Vulnerability Assessment, I would suggest that
>you take a course from SANS (or other vendors, although SANS is probably the
>best, Foundstone through GlobalKnowledge is also excellent) before
>performing the work for your customer. Regarding a Pen Test, these require
>a large amount of knowledge/experience, so you are probably best suited
>contracting a company that has done it extensively and learn from them (and
>taking technically detailed training on these).
>
>When performing these reviews for customers, there is a large amount of
>liability you are exposing yourself to, so you are best suited working with
>other companies and taking in-depth training before attempting to perform
>these types of reviews on your own.
>
>I would be happy to speak with you offline on these topics.
>
>Rafael Rosado, CISSP, CISA
>Network Security Manager
>Lucent Technologies
>IT Infrastructure - Network Design
>2400 SW 145th Avenue
>Miramar, Florida 33027
>Office: 954-885-2176
>Facsimile: 954-885-3861
>Email: rarosado@lucent.com
>
>This electronic mail message contains information belonging to Lucent
>Technologies, which may be confidential and/or legal privileged. The
>information is intended only for the use of the individual or entity named
>above. If you are not the intended recipient, you are hereby notified that
>any disclosure, printing, copying, distribution, or the taking of any action
>in reliance on the contents of this electronically mailed information is
>strictly prohibited. If you receive this message in error, please
>immediately notify us by electronic mail and delete this message.
>
>-----Original Message-----
>From: Bill Hardstone [mailto:rhardstone@eudoramail.com]
>Sent: Friday, March 19, 2004 7:09 AM
>To: security-basics@securityfocus.com
>Subject: Conducting vulnerability assessment for the first time
>
>I am tasked to perform network vulnerability assessments for a provider
>customer
>
>I am searching for ...
>
>1. What are the tools out there to perform vulnerability assessments
>(port scanner, network mapper, etc.)
>2. What is the difference between vulnerability assessment and
>penetration testing
>3. Are there best practices that can be utilized to perform the
>assessments and to report its findings
>
>Any help will be appreciated.
>
>Bill.