Chapter 9. Vulnerability Assessment


83


9.2.1. Establishing a Methodology


To aid in the selection of tools for vulnerability assessment, it is helpful to establish a vulnerability


assessment methodology. Unfortunately, there is no predefined or industry approved methodology at


this time; however, common sense and best practices can act as a sufficient guide.


What is the target? Are we looking at one server, or are we looking at our entire network and every 


thing within the network? Are we external or internal to the company? The answers to these questions


are important as they will help you determine not only which tools to select but also the manner in


which the they will be used.


To learn more about establishing methodologies, refer to the following websites:


http://www.ideahamster.org/osstmm description.htm   The Open Source Security Testing Method 


ology Manual (OSSTMM)


http://www.owasp.org   The Open Web Application Security Project


9.3. Evaluating the Tools


A typical assessment can start by using some form of information gathering tool. If assessing the


entire network, map the network layout first to find the hosts that are running. Once located, we can


then focus on examining them. Focusing on these hosts will require another set of tools. Knowing


which tools to use may be the most crucial step in finding vulnerabilities.


Just as in any aspect of everyday life, there are many different tools that perform the same job. This


concept applies to performing vulnerability assessments as well. There are tools specific to operating


systems, applications, and even networks (based on protocols used). Some tools are free (in terms of


cost) while others are not. Some tools are intuitive and easy to use, while others are cryptic and poorly


documented.


Deciding which tools are the right tools for you may be a daunting task. In the end, experience counts.


If possible, set up a test lab and try out as many tools as you can, noting the strengths and weaknesses


of each. Review the README file or man page for the tool. In addition, look to the Internet for more


information, such as articles, step by step guides, or even mailing lists specific to a tool.


The tools discussed below are just a small sampling of the available tools.


9.3.1. Scanning Hosts with Nmap


Nmap is a popular tool for mapping networks is included in Red Hat Linux. Nmap has been available


for many years and is probably the most often used tool when gathering information. An excellent


man page is included that covers the details, options, and examples of using Nmap. Use it on your


network to find host systems and open ports on those systems.


Nmap is a competent first step in vulnerability assessment. You can map out all the hosts within your


network, and even pass an option that will allow it to attempt to identify the operating system running


on those hosts. Nmap is a good foundation for establishing a policy of using secure services and


stopping unused services.


9.3.1.1. Using Nmap


Nmap can be run from a shell prompt or using a graphical version. At a shell prompt, type the


nmap


command followed by the hostname or IP address of the machine you want to scan.


nmap foo.example.com








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      web hosting comparison

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved