Security Basics mailing list archives
Re: NASA Security Audit
From: "Marcos E. Rodriguez" <mrodrigu () agape-tech com>
Date: Fri, 10 Oct 2003 17:04:28 -0400
Whooooooa horsie, you're tooo wound up mah brotha! First, relax. Understand that your auditors are simply men and women, not to be feared. They put their pants on the same way you do.

Secondly, if he finds something you've never heard of, that's great. Stick with that team every step of the audit and testing and learn learn LEARN! Also, you want to take lots of notes. Take inventory (privately) of what you have. Seek the well-known lists, go to the CVE, CERT sites, etc. Make sure your known patches are applied, take care of the obvious (if you haven't already).

Vulnerabilities in your network under your care are not necessarily a reflection of how great an engineer you are. I've been on many cases where they had crack engineering teams, but were just spread so thin that it was impossible to keep up with everything. An audit/pentest, whatever you like to call it, is a great way to get an overview on how to better keep up with today's security issues, beef up what you have, maximize your time in-house to put together the right teams needed for threat management and the like.

It is a long and arduous process, friend; security is still in its early stages as far as popularity is concerned. Remember to keep it simple, one step at a time. Make a list, keep your tabs on it and move out, soldier!

Not certain if you are gov't or private sector. If it's the former, then your position is quite secure, I would guess. Don't let this rattle you; go into the whole scenario expecting to become a better engineer, and expecting to learn all you can about this whole process. You'll never forget it, just take it by the horns.

My 2 scents, er....cents.

marcos