Thoughts on IEM Day 1

I was tired today.. maybe it was the material, or the fact that I had to break my college routine and wake up early in the morning... but I was beat. Regarding the IEM, the material could be a little better. Some of the tools that were mentioned are not used so much today, but the methodology still applies. NSA doesn't endorse any of the tools, but to be an IEM, requires you use tools to complete several baseline activities I'll list below.

The nice thing about the IAM and IEM is that it provides a "repeatable framework" for security assessments and evaluations. Each organization is different, so it's up to the security people performing the evaluation to gather up their skill sets and use what works for them for their particular environment.

There are 10 baseline activities that an evaluation covers:

1. Port Scanning
2. SNMP Scanning
3. Enumeration & Banner Grabbing
4. Wireless Enumeration
5. Vulnerability Scanning
6. Host Evaluation
7. Network Device Analysis
8. Password Compliance Testing
9. Application Specific Scanning
10. Network Sniffing

Most of the activities are pretty basic, and knowing how to use your tools effectively will make all the difference. I realized I haven't done much with SNMP, and I can also work on improving my skills with netcat. We didn't do anything with wireless, since we were on an isolated LAN segment.

If you want more information on the IEM or IAM, check out IATRP. You can also view the presentation slides used during the lectures.

Posted by Marcin on Thursday, January 18, 2007 in School and Security.