GB/T 20280-2006: Information security technology -- Testing and evaluation approaches for network vulnerability scanners (English translation, excerpt)
Status: Obsolete

This is an excerpt. The full copy of the true-PDF in English (including equations, symbols, images, flow charts, tables and figures) can be purchased online at: https://www.ChineseStandard.net/PDF.aspx/GBT20280-2006

GB NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80

Information Security Technology - Testing and Evaluation Approaches for Network Vulnerability Scanners

Issued on: May 31, 2006
Implemented on: December 1, 2006
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China

Table of Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Stipulation of Symbol, Abbreviation and Notation
4.1 Symbols and Abbreviations
4.2 Stipulation of Notation
5 Overview of Network Vulnerability Scanners
6 Testing Environment
7 Testing and Evaluation Approaches and Procedure
7.1 Basic-type
7.1.1 Basic function
7.1.3 Security assurance requirements
7.2 Enhanced-type
7.2.1 Basic function and performance
7.2.2 Enhancement function
7.2.3 Security assurance requirements
Appendix A (Normative) Testing Evidence Provided by Product Manufacturer to Testing Organization
A.1 Basic-type
A.2 Enhanced-type
Bibliography
Figure 1 Test Environment Topological Graph for Network Vulnerability Scanners
Table 1 Environment Specification

Foreword
Appendix A of this Standard is normative.
This Standard was proposed by, and is under the jurisdiction of, the National Technical Committee on Information Security of the Standardization Administration of China.
This Standard was drafted by Beijing Netpower Technology Ltd. and the Network Security Bureau of the Ministry of Public Security.
Chief drafters of this Standard: Xiao Jiang, Lu Yi, Yang Wei, Liu Wei, Liu Bing and Ding Yuzheng.

1 Scope
This Standard specifies the testing and evaluation approaches for network vulnerability scanners that use the Transmission Control Protocol and Internet Protocol (TCP/IP).
This Standard is applicable to the testing and evaluation, R&D and application of security products for manual or automatic network vulnerability scanning of computer information systems.
This Standard is not applicable to products specialised for vulnerability scanning of database systems.

2 Normative References
The following standards contain provisions which, through reference in this document, constitute provisions of this document. For dated references, subsequent amendments (excluding corrigenda) or revisions of these publications do not apply; however, parties reaching an agreement based on this Standard are encouraged to investigate whether the latest editions of these documents can be used. For undated references, the latest edition applies.
GB/T 5271.8-2001 Information Technology - Vocabulary - Part 8: Security (idt ISO/IEC 2382-8:1998)
GB/T 20278-2006 Information Security Technology - Technique Requirement for Network Vulnerability Scanners

3 Terms and Definitions
For the purposes of this Standard, the terms and definitions established in GB/T 5271.8-2001 and GB/T 20278-2006 apply.

4 Stipulation of Symbol, Abbreviation and Notation
4.1 Symbols and Abbreviations
4.2 Stipulation of Notation
a) Selection. Used to emphasise one or more options in the statement of a functional requirement; represented by underlined italics.
b) Note. This Standard discusses the testing and evaluation of network vulnerability scanners by product class. Unless otherwise stated, the provisions in this Standard are requirements for basic-type products.
The testing and evaluation items, testing contents and testing and evaluation results for enhanced-type products are represented in italics.

5 Overview of Network Vulnerability Scanners
A brief introduction, the system structure and the product classification of network vulnerability scanners are detailed in Chapter 5 and Appendix A of GB/T 20278-2006.

6 Testing Environment
The testing environment for network vulnerability scanners is shown in Figure 1; the function of each piece of equipment in Figure 1 is detailed in Table 1.

7 Testing and Evaluation Approaches and Procedure
7.1 Basic-type
7.1.1 Basic function
7.1.1.1 Requirements for self-security
7.1.1.1.3 Sensitive information protection
7.1.1.1.4 Software use records
7.1.1.1.5 Label of scan data pack
a) Evaluation contents: refer to 7.2.5 of GB/T 20278-2006.
b) Testing and evaluation approaches:
1) According to the version release statement, user manual, high-level design document, testing document etc. of the network vulnerability scanner, start network vulnerability scanners A and B in Figure 1 and perform the scan function;
2) Capture the scan data packets of the network vulnerability scanners with a sniffer (e.g. Tcpdump) and analyse them.
c) Testing and evaluation result: record the testing result and judge whether it conforms to the requirements of the testing and evaluation approaches.
7.1.1.2.4 Port and service scan
a) Evaluation contents: refer to 7.3.4 of GB/T 20278-2006.
b) Testing and evaluation approaches:
7.1.1.3 Management requirement
7.1.1.3.1 Administrator access
7.1.1.3.2 Analysis and processing for scan result
a) Evaluation contents: refer to 7.4.2 of GB/T 20278-2006.
b) Testing and evaluation approaches:
7.1.1.3.4 Security of scanning object
a) Evaluation contents: refer to 7.4.4 of GB/T 20278-2006.
b) Testing and evaluation approaches:
7.1.1.3.5 Upgrade capability
a) Evaluation contents: refer to 7.4.2 of GB/T 20278-2006.
b) Testing and evaluation approaches: check the version release statement, instruction manual, user manual etc. of the network vulnerability scanner; start products A and B in Figure 1; inspect whether the products provide the upgrade and update capability described in the user manual.
c) Testing and evaluation result: record the testing result and judge whether it conforms to the requirements of the testing and evaluation approaches; the product shall provide convenient automatic upgrade, and manual upgrade and addition to the vulnerability database shall be available.
7.1.1.4 Operation requirement
7.1.1.4.1 Installation and operation control
a) Evaluation contents: refer to 7.5 of GB/T 20278-2006.
b) Testing and evaluation approaches: check the version release statement, instruction manual, administrator manual and configuration management document of the network vulnerability scanner; the network vulnerability scanner shall be actually installed and operated.
c) Testing and evaluation result: record the testing result and judge whether it conforms to the requirements of the testing and evaluation approaches; it shall meet the following requirements:
1) The installation, management and operating controllability of the network vulnerability scanner are explained in the accompanying documents, and the network vulnerability scanner implements a licensing measure (e.g. issuing a serial number, or generating a licence from the information of the computer it is installed on);
2) The scanning process of the network vulnerability scanner can be suspended at any time, with the breakpoint retained, and resumed at any time;
3) During the scanning process of the network vulnerability scanner, the keyboard lock function and screen protection function can be executed.
7.1.2 Performance requirements
7.1.3.2 Development process of security function
7.1.3.2.2 Representation correspondence
a) Evaluation contents: refer to 9.1.2.2 of GB/T 20278-2006.
b) Testing and evaluation approaches: the evaluator shall check whether the developer provides a correspondence analysis between all adjacent pairs of security function representations of the network vulnerability scanner. The correspondence between the various security function representations (such as the functional design, high-level design, low-level design and implementation representation) shall show that each representation is an accurate and complete instantiation of the requirements of the representation it refines: the security function of the network vulnerability scanner is defined in the functional design, and every security-function-related part of a more abstract representation is defined in the more specific representation.
c) Testing and evaluation result: record the checking result and judge whether it conforms to the requirements of the testing and evaluation approaches; the evaluator's checking shall cover at least these four items: functional design, high-level design, low-level design and implementation representation. The contents provided by the developer shall be accurate, complete and mutually corresponding.
7.1.3.3 Testing
7.1.3.3.1 Function test
a) Evaluation contents: refer to 9.1.3.1 of GB/T 20278-2006.
b) Testing and evaluation approaches:
1) Evaluate whether the testing documentation provided by the developer includes the test plan, test procedures, expected test results and actual test results;
2) Judge whether the test plan identifies the security functions to be tested and describes the object of the tests;
3) Whether the tests to be performed are identified and the general conditions of each security function test are described (these conditions include ordering dependencies on the results of other tests);
4) Whether the expected test results indicate the expected output of a successful test;
5) Whether the actual test results indicate that each tested security function operates as specified.
c) Testing and evaluation result: record the checking result and judge whether it conforms to the requirements of the testing and evaluation approaches; the evaluator's checking shall cover at least the five aspects in the testing and evaluation approaches. The contents provided by the developer shall be complete.
......
Source: The above contents are excerpted from the full-copy PDF, translated/reviewed by www.ChineseStandard.net / Wayne Zheng et al.