Re: NASA Security Audit

["Marcos E. Rodriguez" <mrodrigu () agape-tech com>]

Okay, I wouldn't answer THAT!

lol,

marcos
----- Original Message ----- 
From: "Morgado Alain" <amorgado () AeroKool com>
To: "Raymer, Dan" <DRaymer () webmd net>; "'Byron Copeland'"
<nodialtone () comcast net>; "'Gregory M. Brown'" <gbrown () alvalearning com>;
<SECURITY-BASICS () securityfocus com>
Sent: Friday, October 10, 2003 9:37 AM
Subject: RE: NASA Security Audit


> What kind of stuff will he uncover?
>
>
> -----Original Message-----
> From: Raymer, Dan [mailto:DRaymer () webmd net]
> Sent: Thursday, October 09, 2003 12:03 PM
> To: 'Byron Copeland'; 'Gregory M. Brown';
SECURITY-BASICS () securityfocus com
> Subject: RE: NASA Security Audit
>
> Diceman did a lot of work with the DOE and DIA concerning
> anti-subversion/espionage techniques.  His team is top notch.  I have
never
> heard of anyone actually losing a job over one of his assessments though.
> He will find things you will never even think about.  Prepare to be
> embarrassed, humiliated, and humbled... but you will come out much smarter
> and more prepared in the end.
>
> -----Original Message-----
> From: Byron Copeland [mailto:nodialtone () comcast net]
> Sent: Wednesday, October 08, 2003 9:30 PM
> To: 'Gregory M. Brown'; SECURITY-BASICS () securityfocus com
> Subject: RE: NASA Security Audit
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The "Diceman"?  Yeah funny guy :)  Really don't know Jay Diceman, but the
> NSA has a pretty squared away assessment team.  Worked with them in the
> past.
>
>
>
>
>
> > -----Original Message-----
> > From: Gregory M. Brown [mailto:gbrown () alvalearning com]
> > Sent: Wednesday, October 08, 2003 12:49 PM
> > To: SECURITY-BASICS () SECURITYFOCUS COM
> > Subject: NASA Security Audit
> >
> > Well it looks as though I am finally going to be tested by the Feds.
> > According to my CTO, a guy named Jay Diceman will be the point man.
> > Anyone ever hear of him?  I hear he is a well known security expert
> > (ex-hacker?)for the federal government.  I have downloaded the Evaluated
> > Security Configuration document created for Microsoft by Science
> > Applications International Corporation.  There are actually 2 of these.
> > I think those .pdf's cover the Microsoft component.  I don't even want
> > him to get as far as any MS box.
>
> Probably already in them.
>
> I am fairly new to security (2years)
> > and my final exam is going to be a "Black Box" test and a "Crystal" test
> > from some heinously gifted hacker from NASA...
> >
> > 1.  What exactly will these 2 forms of intrusion concentrate on?
> >
> > 2.  Is my hardware up to the task?  I currently have a Fortigate
> > Fortinet 50 configured for intrusion detection and prevention.  I am
> > currently blocking 1300+ known attacks.  My FW is a CheckPoint Celestix
> > with a physical DMZ path.  The only questionable services allowed
> > through are FTP (requirement) and Terminal Services (requirement).
> >
> > 3.  What can I expect?  Any input is GREATLY appreciated.
>
> Expect a good assessment and concise reporting when its all done.
>
>
> Byron Copeland, IAM
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0
>
> iQA/AwUBP4TICmHZJr/4PEW4EQJQNACfeXXPEfxkjwhVYr89lprs2on9eJAAoLvM
> vxxlzxlgVYFulcIAE2XrX/yc
> =GcYw
> -----END PGP SIGNATURE-----
>
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
--
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
--
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
--
>


---------------------------------------------------------------------------
----------------------------------------------------------------------------