O'Reilly logo

Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions by Thomas J. Mowbray

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER 7

Reconnaissance, Vulnerability Assessment, and Cyber Testing

In this chapter I summarize security testing methodology, network scanning, vulnerability probing, and system fingerprinting. I then cover best practices for test planning.

I also introduce security-testing techniques and build on this introduction with a discussion of pen testing techniques in Chapter 8. There is a clear dividing line between this chapter's techniques, which are generally legal in most jurisdictions, and the next chapter's techniques, which are generally illegal without written permission from the system owners.

NOTE To perform either class of tests, you should be aware of laws in your locality, as well as any jurisdictions through which your test packets transit. All of the laws of all the countries and jurisdictions carrying your test packets apply to your tests.

Types of Cybersecurity Evaluations

Cybersecurity evaluation is part of an overall risk management process. The main phases of this process include risk assessment, certification testing, and accreditation. Risks are potential harm that can be caused by a threat. Vulnerabilities are system weaknesses that can be exploited by threats to convert risks into security issues. Security issues are what happens after a risk has been successfully exploited.

Vulnerability testing and penetration testing are complementary techniques. Vulnerability testing is the more comprehensive of the two. In vulnerability testing you are searching for all ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required