ABSTRACT
After reading of this chapter, students are expected to achieve an understanding of:
The existing standards for active security assessment The limits of active security assessment The vulnerabilities of various components of the computing
environment Ethical hacking The proposed strategies for active security assessment How the active security assessment project works How the reconnaissance effort is conducted How to conduct passive security assessment How to conduct the active security assessment effort How the NSA Triad for security assessment works How to penetrate the system as hackers do The cognitive ability of hackers How some ASA resources work
9.1 Introduction This book is about effective security management. Major activities in security management include security planning, intrusion detection, risk management, and security auditing. There are not, however, any activities among these that does not require major testing activities that include both passive and active security assessment. This chapter is concerned with active security assessment. There are many types of testing activities presented in the literature with different names, such as vulnerability assessment, penetration testing, ethical hacking, and security assessment, and even these testing activities have single definitions acceptable to all.
