Wednesday, January 4, 2012

Open Source Security Map Tutorial Tips and Trick

The Open Source security map is a visual display of the security presence. The security presence is the environment of a security test and is comprised of six sections which are the sections of this manual. The sections each overlap and contain elements of all other sections. Proper testing of any one section must include the elements of all other sections, direct or indirect.

The sections in this manual are:
1. Information Security
2. Process Security
3. Internet Technology Security
4. Communications Security
5. Wireless Security
6. Physical Security

Security Map Module List
The module list of the security map are the primary elements of each section. Each module must further include all of the Security Dimensions which are integrated into tasks to be completed. To be said to perform an OSSTMM security test of a particular section, all the modules of that section must be tested and of that which the infrastructure does not exist for said Module and cannot be verified, will be determined as NOT APPLICABLE in the OSSTMM Data Sheet inclusive with the final report.

1. Information Security Testing
a. Posture Assessment
b. Information Integrity Review
c. Intelligence Survey
d. Internet Document Grinding
e. Human Resources Review
f. Competitive Intelligence Scouting
g. Privacy Controls Review
h. Information Controls Review

2. Process Security Testing
a. Posture Review
b. Request Testing
c. Reverse Request Testing
d. Guided Suggestion Testing
f. Trusted Persons Testing

3. Internet Technology Security Testing
1. Logistics and Controls
2. Posture Review
3. Intrusion Detection Review
4. Network Surveying
5. System Services Identification
6. Competitive Intelligence Scouting
7. Privacy Review
8. Document Grinding
9. Internet Application Testing
10. Exploit Research and Verification
11. Routing
12. Trusted Systems Testing
13. Access Control Testing
14. Password Cracking
15. Containment Measures Testing
16. Survivability Review
17. Denial of Service Testing
18. Security Policy Review
19. Alert and Log Review

4. Communications Security Testing
1. Posture Review
2. PBX Review
3. Voicemail Testing
4. FAX Testing
5. Modem Survey
6. Remote Access Control Testing
7. Voice over IP Testing
8. X.25 Packet Switched Networks Testing


5. Wireless Security Testing
1. Posture Review
2. Electromagnetic Radiation (EMR) Testing
3. 802.11 Wireless Networks Testing
4. Bluetooth Networks Testing
5. Wireless Input Device Testing
6. Wireless Handheld Testing
7. Cordless Communications Testing
8. Wireless Surveillance Device Testing
9. Wireless Transaction Device Testing
10. RFID Testing
11. Infrared Testing
12. Privacy Review

6. Physical Security Testing
1. Posture Review
2. Access Controls Testing
3. Perimeter Review
4. Monitoring Review
5. Alarm Response Review
6. Location Review
7. Environment Review

0 comments:

Post a Comment