Technical (Bottom-Up) Methodology 93
you will conduct. For the site survey, you really just need to know if it is
going to be included. However, even if a formal physical security review is
not necessary on your target network, keep your eyes open for potential
physical gaps in security. This is more applicable if you are a consultant than
if you are running the NVA from inside your target organization. This is due
to the fact that if you are an employee of the organization for which you are
performing the security review, you will already know where the physical
security holes are.
Having determined the media types, the concentrator types, the number
and type of operating systems, the start and stop point of the target network,
the network protocols ...