Network Security Evaluation Using the NSA IEM
By
- Russ Rogers
- Ed Fuller
- Greg Miles
- Bryan Cunningham
Network Security Evaluation provides a methodology for conducting technical security evaluations of all the critical components of a target network. The book describes how the methodology evolved and how to define the proper scope of an evaluation, including the consideration of legal issues that may arise during the evaluation. More detailed information is given in later chapters about the core technical processes that need to occur to ensure a comprehensive understanding of the network's security posture. Ten baseline areas for evaluation are covered in detail. The tools and examples detailed within this book include both freeware and commercial tools that provide a detailed analysis of security vulnerabilities on the target network. The book ends with guidance on the creation of customer roadmaps to better security and recommendations on the format and delivery of the final report.
If a network is secure enough for the NSA, it is probably secure enough for you! Here is the only book on the market that teaches security professionals how to test the security of their own networks using assessment techniques developed by the NSA.
Paperback, 450 Pages
Published: July 2005
- Chapter 1: Introduction to the IEM
- Chapter 2: Before You Start Evaluating
- Chapter 3: Setting Expectations
- Chapter 4: Scoping the Evaluation
- Chapter 5: Legal Planning
- Chapter 6: The Technical Evaluation Plan (TEP)
- Chapter 7: Starting your On-Site Efforts
- Chapter 8: Enumeration Activities
- Chapter 9: Collecting the majority of vulnerabilities
- Chapter 10: Fine Tuning the Evaluation
- Chapter 11: On-Site Closing Meeting
- Chapter 12: Evaluation Analysis
- Chapter 13: Creating Measurements and Trending Results
- Chapter 14: Trending Metrics
- Chapter 15: Final Reporting
- Chapter 16: IEM Summary [Russ]
- Appendix A: Table of example tools for each of the 10 baseline activities
- Appendix B: Sample TEP layout