Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Network Vulnerability Assessment

You're reading from   Network Vulnerability Assessment Identify security loopholes in your network's infrastructure

Arrow left icon
Product type Paperback
Published in Aug 2018
Publisher
ISBN-13 9781788627252
Length 254 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Sagar Rahalkar Sagar Rahalkar
Author Profile Icon Sagar Rahalkar
Sagar Rahalkar
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Vulnerability Management Governance FREE CHAPTER 2. Setting Up the Assessment Environment 3. Security Assessment Prerequisites 4. Information Gathering 5. Enumeration and Vulnerability Assessment 6. Gaining Network Access 7. Assessing Web Application Security 8. Privilege Escalation 9. Maintaining Access and Clearing Tracks 10. Vulnerability Scoring 11. Threat Modeling 12. Patching and Security Hardening 13. Vulnerability Reporting and Metrics 14. Other Books You May Enjoy

Setting up the context

Changes are never easy and smooth. Any kind of change within an organization typically requires extensive planning, scoping, budgeting, and a series of approvals. Implementing a complete vulnerability management program in an organization with no prior security experience can be very challenging. There would be obvious resistance from many of the business units and questions asked against the sustainability of the program. The vulnerability management program can never be successful unless it is deeply induced within the organization's culture. Like any other major change, this could be achieved using two different approaches, as described in the following sections.

Bottom-up

The bottom-up approach is where the ground-level staff initiate action to implement the new initiative. Speaking in the context of the vulnerability management program, the action flow in a bottom-up approach would look something similar to the following:

  1. A junior team member of the system administrator team identifies some vulnerability in one of the systems
  2. He reports it to his supervisor and uses a freeware tool to scan other systems for similar vulnerabilities
  3. He consolidates all the vulnerabilities found and reports them to his supervisor
  4. The supervisor then reports the vulnerabilities to higher management
  5. The higher management is busy with other activities and therefore fails to prioritize the vulnerability remediation
  6. The supervisor of the system administrator team tries to fix a few of the vulnerabilities with the help of the limited resources he has
  7. A set of systems is still lying vulnerable as no one is much interested in fixing them

What we can notice in the preceding scenario is that all the activities were unplanned and ad hoc. The junior team member was doing a vulnerability assessment on his own initiative without much support from higher management. Such an approach would never succeed in the longer run.

Top-down

Unlike the bottom-up approach, where the activities are initiated by the ground-level staff, the top-down approach works much better as it is initiated, directed, and governed by the top management. For implementing a vulnerability management program using a top-down approach, the action flow would look like the following:

  1. The top management decides to implement a vulnerability management program
  2. The management calculates the ROI and checks the feasibility
  3. The management then prepares a policy procedure guideline and a standard for the vulnerability management program
  4. The management allocates a budget and resources for the implementation and monitoring of the program
  1. The mid-management and the ground-level staff then follow the policy and procedure to implement the program
  2. The program is monitored and metrics are shared with top management

The top-down approach for implementing a vulnerability management program as stated in the preceding scenario has a much higher probability of success since it's initiated and driven by top management.

You have been reading a chapter from
Network Vulnerability Assessment
Published in: Aug 2018
Publisher:
ISBN-13: 9781788627252
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image