Security Basics mailing list archives
Re: NASA Security Audit
From: "Marcos E. Rodriguez" <mrodrigu () agape-tech com>
Date: Fri, 10 Oct 2003 16:50:27 -0400
Okay, I wouldn't answer THAT! lol, marcos ----- Original Message ----- From: "Morgado Alain" <amorgado () AeroKool com> To: "Raymer, Dan" <DRaymer () webmd net>; "'Byron Copeland'" <nodialtone () comcast net>; "'Gregory M. Brown'" <gbrown () alvalearning com>; <SECURITY-BASICS () securityfocus com> Sent: Friday, October 10, 2003 9:37 AM Subject: RE: NASA Security Audit
What kind of stuff will he uncover? -----Original Message----- From: Raymer, Dan [mailto:DRaymer () webmd net] Sent: Thursday, October 09, 2003 12:03 PM To: 'Byron Copeland'; 'Gregory M. Brown';
SECURITY-BASICS () securityfocus com
Subject: RE: NASA Security Audit Diceman did a lot of work with the DOE and DIA concerning anti-subversion/espionage techniques. His team is top notch. I have
never
heard of anyone actually losing a job over one of his assessments though. He will find things you will never even think about. Prepare to be embarrassed, humiliated, and humbled... but you will come out much smarter and more prepared in the end. -----Original Message----- From: Byron Copeland [mailto:nodialtone () comcast net] Sent: Wednesday, October 08, 2003 9:30 PM To: 'Gregory M. Brown'; SECURITY-BASICS () securityfocus com Subject: RE: NASA Security Audit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The "Diceman"? Yeah funny guy :) Really don't know Jay Diceman, but the NSA has a pretty squared away assessment team. Worked with them in the past.-----Original Message----- From: Gregory M. Brown [mailto:gbrown () alvalearning com] Sent: Wednesday, October 08, 2003 12:49 PM To: SECURITY-BASICS () SECURITYFOCUS COM Subject: NASA Security Audit Well it looks as though I am finally going to be tested by the Feds. According to my CTO, a guy named Jay Diceman will be the point man. Anyone ever hear of him? I hear he is a well known security expert (ex-hacker?)for the federal government. I have downloaded the Evaluated Security Configuration document created for Microsoft by Science Applications International Corporation. There are actually 2 of these. I think those .pdf's cover the Microsoft component. I don't even want him to get as far as any MS box.Probably already in them. I am fairly new to security (2years)and my final exam is going to be a "Black Box" test and a "Crystal" test from some heinously gifted hacker from NASA... 1. What exactly will these 2 forms of intrusion concentrate on? 2. Is my hardware up to the task? I currently have a Fortigate Fortinet 50 configured for intrusion detection and prevention. I am currently blocking 1300+ known attacks. My FW is a CheckPoint Celestix with a physical DMZ path. The only questionable services allowed through are FTP (requirement) and Terminal Services (requirement). 3. What can I expect? Any input is GREATLY appreciated.Expect a good assessment and concise reporting when its all done. Byron Copeland, IAM -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBP4TICmHZJr/4PEW4EQJQNACfeXXPEfxkjwhVYr89lprs2on9eJAAoLvM vxxlzxlgVYFulcIAE2XrX/yc =GcYw -----END PGP SIGNATURE----- --------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: NASA Security Audit, (continued)
- Re: NASA Security Audit Marcos E. Rodriguez (Oct 10)
- Re: NASA Security Audit KoRe MeLtDoWn (Oct 09)
- Re: NASA Security Audit Anders Reed-Mohn (Oct 10)
- RE: NASA Security Audit Simons, Rick (Oct 09)
- RE: NASA Security Audit Raymer, Dan (Oct 09)
- RE: NASA Security Audit Johnson, Kevin (Oct 09)
- RE: NASA Security Audit Mike (Oct 10)
- Re: NASA Security Audit Cl Clay (Oct 09)
- Re: NASA Security Audit Meritt James (Oct 10)
- RE: NASA Security Audit Morgado Alain (Oct 10)
- Re: NASA Security Audit Marcos E. Rodriguez (Oct 10)