Date Published: October 2003
Author(s)
John Wack (NIST), Miles Tracy (Federal Reserve Information Technology), Murugiah Souppaya (NIST)
The purpose of this document is to provide guidance for security program managers, technical managers, functional managers, and other information technology (IT) staff members who deal with systems concerning when and how to perform tests for network security vulnerabilities and policy implementation. This document identifies network testing requirements and how to prioritize testing activities with limited resources. It describes security testing techniques and tools. This document provides guidance to assist organizations in avoiding redundancy and duplication of effort by providing a consistent approach to network security testing throughout an organization's networks. Furthermore, this document provides a feasible approach for organizations by offering varying levels of network security testing as mandated by an organization's mission and security objectives. The main focus of this document is the basic information about techniques and tools for individuals to begin a testing program. This document is by no means all-inclusive, and individuals and organizations should consult the references provided in this document as well as vendor product descriptions and other sources of information.
Keywords
intrusion detection; network security testing; password cracking; system test & evaluation; vulnerability scanners
Control Families
None selected