Security Basics mailing list archives
RE: NASA Security Audit
From: "Raymer, Dan" <DRaymer () webmd net>
Date: Thu, 9 Oct 2003 12:03:18 -0500
Diceman did a lot of work with the DOE and DIA concerning anti-subversion/espionage techniques. His team is top notch. I have never heard of anyone actually losing a job over one of his assessments though. He will find things you will never even think about. Prepare to be embarrassed, humiliated, and humbled... but you will come out much smarter and more prepared in the end. -----Original Message----- From: Byron Copeland [mailto:nodialtone () comcast net] Sent: Wednesday, October 08, 2003 9:30 PM To: 'Gregory M. Brown'; SECURITY-BASICS () securityfocus com Subject: RE: NASA Security Audit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The "Diceman"? Yeah funny guy :) Really don't know Jay Diceman, but the NSA has a pretty squared away assessment team. Worked with them in the past.
-----Original Message----- From: Gregory M. Brown [mailto:gbrown () alvalearning com] Sent: Wednesday, October 08, 2003 12:49 PM To: SECURITY-BASICS () SECURITYFOCUS COM Subject: NASA Security Audit Well it looks as though I am finally going to be tested by the Feds. According to my CTO, a guy named Jay Diceman will be the point man. Anyone ever hear of him? I hear he is a well known security expert (ex-hacker?)for the federal government. I have downloaded the Evaluated Security Configuration document created for Microsoft by Science Applications International Corporation. There are actually 2 of these. I think those .pdf's cover the Microsoft component. I don't even want him to get as far as any MS box.
Probably already in them. I am fairly new to security (2years)
and my final exam is going to be a "Black Box" test and a "Crystal" test from some heinously gifted hacker from NASA... 1. What exactly will these 2 forms of intrusion concentrate on? 2. Is my hardware up to the task? I currently have a Fortigate Fortinet 50 configured for intrusion detection and prevention. I am currently blocking 1300+ known attacks. My FW is a CheckPoint Celestix with a physical DMZ path. The only questionable services allowed through are FTP (requirement) and Terminal Services (requirement). 3. What can I expect? Any input is GREATLY appreciated.
Expect a good assessment and concise reporting when its all done. Byron Copeland, IAM -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBP4TICmHZJr/4PEW4EQJQNACfeXXPEfxkjwhVYr89lprs2on9eJAAoLvM vxxlzxlgVYFulcIAE2XrX/yc =GcYw -----END PGP SIGNATURE----- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- NASA Security Audit Gregory M. Brown (Oct 08)
- Re: NASA Security Audit Roger A. Grimes (Oct 09)
- PIX introduction Daniel Cid (Oct 09)
- RE: NASA Security Audit Byron Copeland (Oct 09)
- Re: NASA Security Audit Eric (Oct 09)
- Re: NASA Security Audit Steve (Oct 09)
- Re: NASA Security Audit Marcos E. Rodriguez (Oct 10)
- <Possible follow-ups>
- Re: NASA Security Audit KoRe MeLtDoWn (Oct 09)
- Re: NASA Security Audit Anders Reed-Mohn (Oct 10)
- RE: NASA Security Audit Simons, Rick (Oct 09)
- RE: NASA Security Audit Raymer, Dan (Oct 09)
- RE: NASA Security Audit Johnson, Kevin (Oct 09)
- RE: NASA Security Audit Mike (Oct 10)
- Re: NASA Security Audit Cl Clay (Oct 09)
- Re: NASA Security Audit Meritt James (Oct 10)
- RE: NASA Security Audit Morgado Alain (Oct 10)
- Re: NASA Security Audit Marcos E. Rodriguez (Oct 10)
- Re: NASA Security Audit Roger A. Grimes (Oct 09)