There are various methodologies out there when it comes to conducting a network vulnerability assessment.  But in all fairness they’re all pretty much similar in the fact that they contain various steps in the process and these steps may consist more or less of 7 main phases and can be used in conducting assessments for small and medium sized businesses (SMBs).  We follow the following methodology within our practice at https://www.vistacomputing.com.  For SMBs you can follow these simple steps: 

1.  Kick-off engagement meeting

2.  Discovery

3.  Investigation

4.  Verification

5.  Exploitation

6.  Reporting

7.  Remediation

Detailed Information regarding the above steps:

1.  Kick-off engagement meeting

The kick-off engagement meeting is for initial meet and greet with the client to find out more about what the client is trying to accomplish and deals with administrative tasks.

    a.  Identify the business drivers

    b.  Identify and engage the stake-holders

    c.  Set expectations and priorities

    d.  Acquire authorizations from the client

    e.  Validate and verify client subnets and host IPs

2.  Discovery

The discovery phase consists of technical tasks associated with finding out information about the client through the IP Addresses given by the client.  This is the scope of the engagement.  Typically the discovery phase includes finding out which hosts respond to ICMP echo requests, basic TCP Port Probes, DNS lookups and reverse-lookups.

3.  Investigation

The investigation phase is a deeper inspection of the hosts that are within scope for the engagement.  This is a technical task using various products to conduct vulnerability scans against the IPs.  We use a combination of open-source and commercial tools to carry on these tasks.

4.  Verification

The verification phase is a manual task where the reports of the investigation reports are manually verified for false-positives.  This is a phase for conducting clean-up tasks of the investigation report.  We usually call this the quality assurance phase where we make sure we’re delivering something that’s valid.

5.  Exploitation

The exploitation phase is a technical task to try and break into a system through the vulnerabilities found in the investigation report and/or the discovery phase.  If it is discovered that a critical and/or high risk vulnerability is found, seek approval from the stake-holders to conduct exploitation.  Not all engagements require the exploitation phase.  This is always optional.

6.  Reporting

Reporting is an important key factor when conducting the simple network vulnerability assessment for a client.  It is a common best practice to keep records of each step of the process through screen shots, notes, and various documentation efforts.  The report is primarily for the client to have a representation of where they are in terms of network security and how vulnerable they are.  The report will also include all vulnerabilities discovered as well as the remediation steps.  The final report is a PDF.

7.  Remediation

The remediation phase is for plugging the holes in the client’s network.  The remediation phase is a list of tasks to be completed in order to get rid of the vulnerabilities and to mitigate the risks.  This is also an optional task and we would need to discuss it with the client.

A VERY IMPORTANT DISCLAIMER:

All vulnerability assessments and penetration testing efforts are point in time tests.  So while we are conducting a vulnerability assessment you have to remember that it is a point in time test because a few minutes after a test is completed there could be a change to the system that we just scanned.