Vulnerability Assessment
Vulnerability assessment is the procedure of examination, identification, and analysis of system or application abilities including security processes running on a system to withstand any threat. Through vulnerability assessment, you can identify weaknesses and threat to a system, scope a vulnerability, estimate the requirement and effectiveness of any additional security layer.
Types of Vulnerability Assessment
The following are the types of vulnerability assessment:
- Active Assessment
- Assessment
- Host-based Assessment
- Internal Assessment
- External Assessment
- Network Assessment
- Wireless Network Assessment
- Application Assessment
Network Vulnerability Assessment Methodology
Network Vulnerability Assessment is an examination of possibilities of an attack & vulnerabilities to a network. The following are the phases of Vulnerability Assessment:
- Acquisition
- Identification
- Analyzing
- Evaluation
- Generating Reports
1. Acquisition
The acquisition phase compares and review previously- identified vulnerabilities, laws, and procedures that are related to network vulnerability assessment.
2. Identification
In the Identification phase,
interaction with customers, employees,
administration or other people that are involved in designing the network architecture to gather the technical information.
3. Analyzing
Analyzing phase reviews, the gathered, collected information in the form of a collection of documentation or one-to-one interaction. Analyzing phase is basically: -
- Review information.
- Analyzing previously identified vulnerabilities results.
- Risk Assessment.
- Vulnerability and Risk Analysis.
- Evaluation of the effectiveness of existing security policies.
4. Evaluation
Evaluation phase includes: -
- Inspection of Identified Vulnerabilities.
- Identification of flaws, gaps in existing & required Security.
- Determination of Security Control required resolving issues & Vulnerabilities.
- Identify modification and Upgrades.
5. Generating Reports
Reporting phase is documentation of draft report required for future inspection. This report helps identify vulnerabilities in the acquisition phase. Audit and Penetration also require these previously collected reports. When any modification in security mechanism is required, these reports help to design security infrastructure. Central Databases usually holds these reports. Reports contain: -
- Task did by each member of the team.
- Methods & tools used.
- Findings. Recommendations.
- Collected information from different phases.
