Security Basics mailing list archives

Re: Initial Security assessment for a large university - what to ask?


From: tas0584 () gmail com
Date: Thu, 1 Apr 2010 03:30:35 +0000

Hi,

This totally depends on the administration standard the team follows. Some quick pointers could be,

1. The usernames and passwords, as you mentioned.
2. Documented configurations of every router and server.
3. The last update reports of all the systems on the network, like the antivirus, patch update, router IOS updates etc.
4. Detailed network design diagram will be very critical. That will give you the present status of the setup. Ensure nothing is missed in the network diagram.
5. List of profiles that are created on each of the systems for the admin team.
6. The cron jobs or any schedulers that are running on the network for a specific task.
7. Handholding from key players in the IT team to the new guys on board.
8. Details and SLAs with third-party vendors. Especially the vendors that give remote support.

Etc.

-
Taufiq
www.niiconsulting.com


-----Original Message-----
From: Camilo Olea <colea () sunset com mx>
Date: Wed, 31 Mar 2010 11:40:17 
To: <security-basics () securityfocus com>
Subject: Initial Security assessment for a large university - what to ask?

Dear friends,

I've been asked to be part of a large project. A local college (in
Cancun, MX) is changing administration, and as a part of it, seems like
they are changing the whole IT team. My orders were clear: "Make a list
of all that they need to give to you, security-related".

I'm thinking:

- root logins and passwords for all servers/routers/etc


... and I stopped there. Any other ideas on what I should demand from them?

Thanks,
Camilo Olea

