Elements of a Good Vulnerability Assessment
To perform a good network vulnerability assessment, you should incorporate at least four elements:
• Results must be reproducible
• Multi-Test Environment (MTE)
The comprehensiveness of your network vulnerability assessment will be affected by two major factors: the amount of time you can dedicate to the assessment, and the amount of capital resources you can devote to it.
There is no substitute for experience. The only way to get better at doing vulnerability assessments is to do vulnerability assessments. The best way to gain this kind of experience is to practice on your own. One way is to set up a target network on your own internal LAN. You can also run tests against Internet-available resources that you have permission to test. However, you must resist the urge to test systems on the Internet that you do not have permission to test.
Results must be reproducible
The hardware requirements for conducting a network vulnerability assessment are not all that severe. As of this writing, we are using two laptops with 600 MHz processors and 288 MB of RAM in each. These are far from state-of-the-art machines, but they are still sufficiently powerful to do almost all of what you would like to do. The reason we have two separate machines is to monitor for data leakage. Data leakage is a vulnerability that affected a number of manufacturers a few years ago. Some time ago, most of the affected companies released patches to repair the data leakage vulnerabilities. However, many people have not applied these patches because some of the manufacturers required a paid subscription service to receive the updates. So it remains a good idea to continue to test for these vulnerabilities.
Multi-Test Environment (MTE)
The way we test for these vulnerabilities is to deploy a laptop with an intelligent network sniffer and place it behind the corporate firewall or router. The other laptop will be in your vulnerability assessment toolkit, performing scans over the Internet, directed at the network behind the firewall or router. Certain types of firewalls and routers may be susceptible to data leakage. The vulnerability uses small, fragmented packets and directs them towards the inside network. For the sake of efficiency, the firewall or router may pass these packets on before they are reassembled and checked. If these devices have been sufficiently patched, none of the attack information should be bleeding through.
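One way to review the inside sniffer's capture for this leakage, as an added example that is not from the book: it parses raw IPv4 headers and reports any fragment from the external scanning laptop that reached the inside segment without being reassembled. The scanner address, the sample packets, the helper names and the TINY_PAYLOAD threshold are assumptions made for illustration.

```python
import socket
import struct

TINY_PAYLOAD = 24  # assumed threshold (bytes) for a "small" fragment; tune per test plan

def parse_ipv4(pkt):
    """Return the IPv4 header fields relevant to fragmentation, or None if not IPv4."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    return {
        "src": socket.inet_ntoa(pkt[12:16]),
        "dst": socket.inet_ntoa(pkt[16:20]),
        "id": ident,
        "more_fragments": bool(flags_off & 0x2000),
        "offset": (flags_off & 0x1FFF) * 8,  # offset field counts 8-byte units
        "payload_len": total_len - ihl,
    }

def leaked_fragments(packets, scanner_ip):
    """Fragments from the external scanner seen unreassembled on the inside segment."""
    findings = []
    for pkt in packets:
        hdr = parse_ipv4(pkt)
        if hdr is None or hdr["src"] != scanner_ip:
            continue
        if hdr["more_fragments"] or hdr["offset"] > 0:
            hdr["tiny"] = hdr["payload_len"] <= TINY_PAYLOAD
            findings.append(hdr)
    return findings

def build_ipv4(src, dst, ident, flags_off, payload):
    """Build a constructed IPv4 packet (checksum left at 0) for the sample capture."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_off, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

# Constructed sample capture from the inside sniffer (documentation address ranges).
SCANNER = "203.0.113.10"
SAMPLE = [
    build_ipv4(SCANNER, "192.0.2.20", 1, 0x2000, b"A" * 8),         # first fragment, MF set
    build_ipv4(SCANNER, "192.0.2.20", 1, 0x0001, b"B" * 8),         # last fragment, offset 8
    build_ipv4(SCANNER, "192.0.2.20", 2, 0x4000, b"C" * 40),        # whole packet, DF set
    build_ipv4("198.51.100.7", "192.0.2.20", 3, 0x2000, b"D" * 8),  # fragment, other source
]

if __name__ == "__main__":
    for finding in leaked_fragments(SAMPLE, SCANNER):
        print(finding)
```

An empty result for the scanner's address is the outcome expected from a patched firewall or router; any entry means fragments were forwarded before reassembly.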
These vulnerability assessment tips are taken from Managing a Network Vulnerability Assessment by Thomas R. Peltier, Justin Peltier and John A. Blackley.