Security Basics mailing list archives

RE: NASA Security Audit

From: "Byron Copeland" <nodialtone () comcast net>
Date: Wed, 8 Oct 2003 22:29:31 -0400

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The "Diceman"?  Yeah funny guy :)  Really don't know Jay Diceman, but the NSA has a pretty squared away assessment 
team.  Worked with them in the past.

-----Original Message-----
From: Gregory M. Brown [mailto:gbrown () alvalearning com]
Sent: Wednesday, October 08, 2003 12:49 PM
To: SECURITY-BASICS () SECURITYFOCUS COM
Subject: NASA Security Audit

Well it looks as though I am finally going to be tested by the Feds.
According to my CTO, a guy named Jay Diceman will be the point man.
Anyone ever hear of him?  I hear he is a well known security expert
(ex-hacker?)for the federal government.  I have downloaded the Evaluated
Security Configuration document created for Microsoft by Science
Applications International Corporation.  There are actually 2 of these.
I think those .pdf's cover the Microsoft component.  I don't even want
him to get as far as any MS box.


Probably already in them.

I am fairly new to security (2years)

and my final exam is going to be a "Black Box" test and a "Crystal" test
from some heinously gifted hacker from NASA...

1.  What exactly will these 2 forms of intrusion concentrate on?

2.  Is my hardware up to the task?  I currently have a Fortigate
Fortinet 50 configured for intrusion detection and prevention.  I am
currently blocking 1300+ known attacks.  My FW is a CheckPoint Celestix
with a physical DMZ path.  The only questionable services allowed
through are FTP (requirement) and Terminal Services (requirement).

3.  What can I expect?  Any input is GREATLY appreciated.


Expect a good assessment and concise reporting when its all done.

 
Byron Copeland, IAM

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBP4TICmHZJr/4PEW4EQJQNACfeXXPEfxkjwhVYr89lprs2on9eJAAoLvM
vxxlzxlgVYFulcIAE2XrX/yc
=GcYw
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

NASA Security Audit Gregory M. Brown (Oct 08)
- Re: NASA Security Audit Roger A. Grimes (Oct 09)
  - PIX introduction Daniel Cid (Oct 09)
- RE: NASA Security Audit Byron Copeland (Oct 09)
- Re: NASA Security Audit Eric (Oct 09)
- Re: NASA Security Audit Steve (Oct 09)
- Re: NASA Security Audit Marcos E. Rodriguez (Oct 10)
- <Possible follow-ups>
- Re: NASA Security Audit KoRe MeLtDoWn (Oct 09)
  - Re: NASA Security Audit Anders Reed-Mohn (Oct 10)
- RE: NASA Security Audit Simons, Rick (Oct 09)
- RE: NASA Security Audit Raymer, Dan (Oct 09)
- RE: NASA Security Audit Johnson, Kevin (Oct 09)
  - RE: NASA Security Audit Mike (Oct 10)
- Re: NASA Security Audit Cl Clay (Oct 09)

(Thread continues...)