Security Basics mailing list archives

Re: NASA Security Audit


From: "KoRe MeLtDoWn" <koremeltdown () hotmail com>
Date: Thu, 09 Oct 2003 06:17:26 +0000

Hi there,
Have you considered putting another machine between the firewall and the server? I would suggest using Red Hat Linux on this box, and customising some firewall rules. Look specifically at blocking out the dangerous port access on the network, e.g. RPC, NetBIOS etc. Blocking this at the Linux platform so he can't get through is a powerful way of shielding the flaws in Microsoft architecture. This is one method you might not have considered that you might like to look into - it can effectively make it near impossible to intrude on your server if implemented correctly.

Kindest of regards,


Hamish Stanaway

Absolute Web Hosting
Owner/Operator
Auckland
New Zealand

http://www.webhosting.net.nz
http://www.buywebhosting.co.nz





From: "Gregory M. Brown" <gbrown () alvalearning com>
To: <SECURITY-BASICS () SECURITYFOCUS COM>
Subject: NASA Security Audit
Date: Wed, 8 Oct 2003 10:48:59 -0600

Well it looks as though I am finally going to be tested by the Feds.
According to my CTO, a guy named Jay Diceman will be the point man.
Anyone ever hear of him?  I hear he is a well known security expert
(ex-hacker?) for the federal government.  I have downloaded the Evaluated
Security Configuration document created for Microsoft by Science
Applications International Corporation.  There are actually 2 of these.
I think those .pdfs cover the Microsoft component.  I don't even want
him to get as far as any MS box.  I am fairly new to security (2 years)
and my final exam is going to be a "Black Box" test and a "Crystal" test
from some heinously gifted hacker from NASA...

1.  What exactly will these 2 forms of intrusion concentrate on?

2.  Is my hardware up to the task?  I currently have a Fortigate
Fortinet 50 configured for intrusion detection and prevention.  I am
currently blocking 1300+ known attacks.  My FW is a CheckPoint Celestix
with a physical DMZ path.  The only questionable services allowed
through are FTP (requirement) and Terminal Services (requirement).

3.  What can I expect?  Any input is GREATLY appreciated.

Thanks.  Man I hope I still have a job in 2 weeks!
gb








