Introduction

Welcome, and thank you for purchasing Inside Network Security Assessment. Our goal was to create a practical guide for planning, performing, and reporting on the risk and vulnerability assessment process. This is a critical topic for IT professionals given that a security assessment provides the necessary information and data for organizations to form the foundation for a reliable and secure IT infrastructure.

This book takes a look inside the network vulnerability assessment process. Its purpose is to teach individuals a methodology for network security assessments. For those of you who must manage or outsource these duties, this book will provide you with tips, pointers, and insight into what a vulnerability assessment is all about. This book is broken up into 10 chapters that follow the vulnerability assessment process from creation to finish. It also discusses, in brief, basic risk assessment methodologies. So even if you are not ready for a full-blown vulnerability assessment, you should be able to start adding basic risk assessment methodologies to new projects and the change control process.

The security assessment process incorporates both risk assessment and vulnerability assessment, which includes the science, tools, methodology, and practices involved in finding, analyzing, and assessing risk for known or unknown vulnerabilities and exposures in a given Information Technology (IT) infrastructure. This book examines the entire IT infrastructure, which encompasses all the IT assets commonly found in an IT environment, such as the data, applications, servers, workstations, and network infrastructure (LANs, WANs, and LAN-to-WAN). The term IT infrastructure is generally used to describe the entire landscape of IT assets and elements. The term IT assets is generally used to describe the individual IT assets or elements commonly found in an IT environment.

All organizations need to assess, identify, define, and confirm the minimum level of acceptable security for their organization and IT assets. Until now, organizations needed to spend thousands of dollars on high-priced consultants to perform a variety of assessments. With Inside Network Security Assessment, readers will receive a collection of tools, utilities, templates, and a step-by-step approach for conducting a security assessment process that incorporates both risk assessment and vulnerability assessment.