Chapter 9. Vulnerability Assessment
9.2.1. Establishing a Methodology
To aid in the selection of tools for vulnerability assessment, it is helpful to establish a vulnerability
assessment methodology. Unfortunately, there is no predefined or industry approved methodology at
this time; however, common sense and best practices can act as a sufficient guide.
What is the target? Are we looking at one server, or are we looking at our entire network and everything
within the network? Are we external or internal to the company? The answers to these questions
are important as they will help you determine not only which tools to select but also the manner in
which they will be used.
To learn more about establishing methodologies, refer to the following websites:
http://www.ideahamster.org/osstmm description.htm The Open Source Security Testing Methodology Manual (OSSTMM)
http://www.owasp.org The Open Web Application Security Project
9.3. Evaluating the Tools
A typical assessment can start by using some form of information gathering tool. If assessing the
entire network, map the network layout first to find the hosts that are running. Once located, we can
then focus on examining them. Focusing on these hosts will require another set of tools. Knowing
which tools to use may be the most crucial step in finding vulnerabilities.
Just as in any aspect of everyday life, there are many different tools that perform the same job. This
concept applies to performing vulnerability assessments as well. There are tools specific to operating
systems, applications, and even networks (based on protocols used). Some tools are free (in terms of
cost) while others are not. Some tools are intuitive and easy to use, while others are cryptic and poorly
documented.
Deciding which tools are the right tools for you may be a daunting task. In the end, experience counts.
If possible, set up a test lab and try out as many tools as you can, noting the strengths and weaknesses
of each. Review the README file or man page for the tool. In addition, look to the Internet for more
information, such as articles, step by step guides, or even mailing lists specific to a tool.
The tools discussed below are just a small sampling of the available tools.
9.3.1. Scanning Hosts with Nmap
Nmap is a popular tool for mapping networks and is included in Red Hat Linux. Nmap has been available
for many years and is probably the most often used tool when gathering information. An excellent
man page is included that covers the details, options, and examples of using Nmap. Use it on your
network to find host systems and the open ports on those systems.
Nmap is a competent first step in vulnerability assessment. You can map out all the hosts within your
network, and even pass the -O option to have it attempt to identify the operating system running
on those hosts. Nmap is a good foundation for establishing a policy of using secure services and
stopping unused services.
9.3.1.1. Using Nmap
Nmap can be run from a shell prompt or using a graphical version. At a shell prompt, type the
nmap command followed by the hostname or IP address of the machine you want to scan:

    nmap foo.example.com
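The two-phase approach described in Section 9.3 (map the network first, then examine the live hosts) can be scripted around Nmap's grepable output (-oG -), which is much easier to parse than the normal output. The following script is an added example written for this chapter; it is not part of the Red Hat Linux Security Guide or of Nmap itself. The function names, the 192.168.1.0/24 range and the sample scan lines are all constructed for illustration. The -sn host-discovery option is spelled -sP on the Nmap versions shipped with Red Hat Linux of this era, and OS detection (-O) needs root privileges.

```shell
#!/bin/sh
# Two-phase assessment helper built around nmap (example code, not from the guide).
# Phase 1: ping sweep to find live hosts.  Phase 2: port/service/OS scan of those hosts.

# Extract the address of every host reported "Status: Up" from grepable (-oG) output.
live_hosts_from_grepable() {
  awk 'BEGIN { FS = "\t" }
       /^Host:/ && $2 == "Status: Up" {
         h = $1; sub(/^Host: /, "", h); sub(/ .*/, "", h); print h
       }'
}

# Print "host port/proto service" for every open port in grepable output.
# Each Ports entry is port/state/protocol/owner/service/rpc_info/version/.
open_ports_from_grepable() {
  awk 'BEGIN { FS = "\t" }
       /^Host:/ {
         host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
         for (i = 2; i <= NF; i++) {
           if ($i ~ /^Ports: /) {
             ports = $i; sub(/^Ports: /, "", ports)
             n = split(ports, p, /, /)
             for (j = 1; j <= n; j++) {
               split(p[j], f, "/")
               if (f[2] == "open") printf "%s %s/%s %s\n", host, f[1], f[3], f[5]
             }
           }
         }
       }'
}

# Phase 1: host discovery only (no port scan).  Use -sP instead of -sn on old nmap.
# usage: discover_hosts 192.168.1.0/24
discover_hosts() {
  nmap -sn -oG - "$1" | live_hosts_from_grepable
}

# Phase 2: service version and OS detection on the hosts found.  -O requires root.
# usage: scan_hosts host1 host2 ...
scan_hosts() {
  nmap -sV -O -oG - "$@" | open_ports_from_grepable
}

# Constructed sample in grepable format (not real scan output) so the parsers
# can be exercised without running nmap or touching a network.
sample_grepable() {
  printf 'Host: 192.168.1.11 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.10 (foo.example.com)\tPorts: 22/open/tcp//ssh//OpenSSH/, 80/open/tcp//http//Apache httpd/, 113/closed/tcp//auth///\tIgnored State: closed (997)\tOS: Linux 2.4.X\n'
  printf 'Host: 192.168.1.11 ()\tPorts: 25/open/tcp//smtp//Sendmail/\n'
}

main() {
  if [ $# -gt 0 ] && command -v nmap >/dev/null 2>&1; then
    # Real run: sweep the given range, then scan every live host in one nmap call.
    scan_hosts $(discover_hosts "$1")
  else
    # No range given (or no nmap): show what the parsers produce on the sample.
    sample_grepable | open_ports_from_grepable
  fi
}

main "$@"
```

Run as `sh assess.sh 192.168.1.0/24` (as root for -O) to get one line per open port across the live hosts; compare that list against the services each host is supposed to offer, which is the starting point for the "stop unused services" policy the text recommends.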