Eicon Networks S92 Manuel d'utilisateur télécharger pdf (Page 138)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 138

Overview

“Firewallsaregreatforrestrictingaccesstoyournetwork,butfirewallscannot

preventallproblems.”(fromSecurityspace.com

34

)

AccordingtoSecurityspace.com,themostcommonproblemswithfirewallsare:

n firewallmisconfiguration

n vulnerablenetworkservices

Thegoalofoursecurityarchitectureauditistoverifythatthedefensemechanismwe

designforGIACisfunctioningproperly.Suchacomprehensiveauditshallinclude

thefollowingelementsasdescribedby wemanageservers.com:

“FootprintAnalysiswhatoperatingsystemandwhatservicesandapplicationsare

runningonit.

PortScanningwhatportsareopenthatcanallowpotentialconnectiontothe

system?

VulnerabilityAnalysiswhatareasofthesystemcanbeexploitedbyhackers?

PenetrationTesting Attempttoexploitvulnerabilitiesfoundinthevulnerability

analysisphase.”

35

Inafullscaleaudit,eventhehostsbehindthefirewallsaretobetested.Forthescope

ofthisproject,however,oureffortwillbelimitedtotheroutersandthefirewalls.

DepthoftheAudit

Toisolateandclearlyidentifytheweaknessesorflawsofeverysecuritydeviceinthe

network,eachdeviceistestedindependentlyagainstwhataretobeexpectedoutof

eachofthem.Tobeprecise,wewanttofindout:

34

http://www.securityspace.com/smysecure/daudit_faq.html

35

http://www.wemanageservers.com/managed_security/security_audit/security_audit.html

1 2 ... 133 134 135 136 137 138 139 140 141 142 143 ... 208 209

Pas de commentaire

Eicon Networks S92 Manuel d'utilisateur Page 138