The Linux world is full of industrial-strength forensic tools, vulnerability scanners, and network analyzers that can test a computer network for security issues, resolve those issues, and investigate potential compromises, all from the comfort of a shell prompt or even from an automated script.
We also use specialized methodologies (the types used to audit military sites and large agencies) to look into organizational policies, procedures, and culture and see what needs to be augmented for all-round security.
The analysis is broken down into three phases:
- the Pre-Assessment phase.
- the On-Site phase.
- the Post-Assessment phase.
The Pre-Assessment phase consists of activities that try to get the customer to sit down and decide what information is critical to the organization's business. The goal is to get the customer to start thinking in terms of confidentiality, integrity, and availability. We start by getting customers to ask themselves questions like "What is the impact to my organization if our data is compromised?" In most cases, these decisions have to be made by upper management–level personnel who understand the ins and outs of the business process.