Re: NASA Security Audit

["Meritt James" <meritt_james () bah com>]

Nice of you to point that out on the mailing list instead of using
email.  Some of the kiddies might have missed that.

Jim

Cl Clay wrote:
> Firstly, you are giving up too much information.  Now if I were a
> hacker/script kiddie lurking thru this newsgroup I know what exploits to
> try.
>
>    I know what kind of firewall u are running. so now I can look up all the
>    vulnerabilities in Checkpoint
>    I know that FTP is running so now I hope you have it improperly
>    configured.
>    I know terminal services is running so now I can look up those
>    vulnerabilities as well.
>
> Respectfully speaking, I think these are basic no no's.
>
> -----------------------------------------------
> ----------------------------------------------------------------------------------------
>
>
>                       "Gregory M.
>                       Brown" <gbrown           To:      <SECURITY-BASICS () securityfocus com>
>                       @alvalearning.co         cc:
>                       m>                       Subject: NASA Security Audit
>
>                       10/08/2003 12:48
>                       PM
>
>
>
> Well it looks as though I am finally going to be tested by the Feds.
> According to my CTO, a guy named Jay Diceman will be the point man.
> Anyone ever hear of him?  I hear he is a well known security expert
> (ex-hacker?)for the federal government.  I have downloaded the Evaluated
> Security Configuration document created for Microsoft by Science
> Applications International Corporation.  There are actually 2 of these.
> I think those .pdf's cover the Microsoft component.  I don't even want
> him to get as far as any MS box.  I am fairly new to security (2years)
> and my final exam is going to be a "Black Box" test and a "Crystal" test
> from some heinously gifted hacker from NASA...
>
> 1.  What exactly will these 2 forms of intrusion concentrate on?
>
> 2.  Is my hardware up to the task?  I currently have a Fortigate
> Fortinet 50 configured for intrusion detection and prevention.  I am
> currently blocking 1300+ known attacks.  My FW is a CheckPoint Celestix
> with a physical DMZ path.  The only questionable services allowed
> through are FTP (requirement) and Terminal Services (requirement).
>
> 3.  What can I expect?  Any input is GREATLY appreciated.
>
> Thanks.  Man I hope I still have a job in 2 weeks!
> gb
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

---------------------------------------------------------------------------
----------------------------------------------------------------------------