Two goals of Vulnerability Assessment
There are two major goals of a network vulnerability assessment (NVA). The first goal of a technical vulnerability assessment is to test everything possible. The second goal of a technical NVA is to generate a clear, concise report that will be read and used by your management or your customers
To test everything possible is often useful to think in "new-age" terms and consider the NVA a holistic NVA. The reason that it is important to test the entire security domain is somewhat obvious. An intruder only needs one hole to break into the network; if that hole lies in the primary firewall or through a modem connected to an executive's desktop computer, it really does not matter. There are some factors that will limit how deep you can make the NVA.
The two factors that most often get in the way of a complete NVA are time and cost. The time you spend running your NVA is generally time that you are not spending on your other job functions, and this can cost your company money or impact your company in other ways. Also, the cost of the NVA may limit the tools at your disposal for the testing period. If your organization has a somewhat meager budget for the technical areas of an NVA, do not worry too much. There are a number of great tools that are completely free, which will allow you to run a very respectable NVA without spending a fortune collecting tools. We further discuss tools in Chapter 6.
The second goal of a technical NVA is to generate a clear, concise report that will be read and used by your management or your customers. One of the most common rookie mistakes in running a NVA is to run a NVA tool with all the default options, have it generate a default report, and then print out thousands of pages with every vulnerability inside a client's domain — all the way from huge vulnerabilities such as a nonpassword-protected telnet session on the company's primary Internet router, down to very small vulnerabilities such as a workstation responding to a ping. This method delivers a significant number of pages for the customer to read, and a very thick binder that will look impressive sitting on a shelf of the CSO's office for years to come. The question lies in the value of this type of vulnerability assessment. [Managing a Network Vulnerability Assessment, Thomas R. Peltier, Justin Peltier and John A. Blackley ]