In this video, Marc Menninger describes the three general categories of techniques for testing the security of systems and networks. Learn the differences between review, target identification and analysis, and target vulnerability validation techniques. Discover which testing techniques are manual and which can be automated.
- There are a wide variety of ways…to find out how secure systems and networks are,…and they fall into three general categories of techniques,…review, target identification and analysis,…and target vulnerability validation.…Review techniques are often manual examinations of systems,…applications, networks, policies, and procedures…to ensure they meet minimum security requirements.…These techniques include reviewing…system and network documentation,…firewall and switch rulesets,…and system configurations.…
Conducting network sniffing…to examine the current state of the network…and using file integrity checking…to ensure that key files haven't been modified…are also considered review techniques.…I'll describe these techniques…in the Technical Security Assessment Reviews chapter.…Target identification and analysis techniques…are used to identify and analyze systems, networks,…and security vulnerabilities…which may be relevant to the assessment.…
These techniques are often performed using automated tools…or systems which can conduct network discovery,…
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.
Skill Level Intermediate
1. Overview of Technical Security Assessments
2. Technical Security Assessment Reviews
3. Identify and Analyze Targets
4. Validate Target Vulnerabilities
5. Planning Technical Security Assessments
6. Executing the Technical Security Assessment
7. Post-Testing Activities
Report the results2m 16s
Next steps1m 32s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.