Security Basics mailing list archives

RE: NASA Security Audit


From: "Mike" <throwaway () impole com>
Date: Fri, 10 Oct 2003 15:37:18 -0400

I think the point, correct me if I'm wrong, was to isolate the
damage when the FTP server was compromised.  <The last year has
been bad for FTP servers.>

Another firewall isolating the services you know will eventually
have problems, limiting incoming and especially outgoing traffic
is not a bad idea.  Have the "bad" server off the main switch/hub.
If you follow my reasoning?

Cheers
-Mike

-----Original Message-----
From: Johnson, Kevin [mailto:Kevin.Johnson () bcbsfl com]
Sent: Thursday, October 09, 2003 1:12 PM
To: SECURITY-BASICS () SECURITYFOCUS COM
Subject: RE: NASA Security Audit


Hi-

I guess I miss the point of this design.  It sounds like you are 
setting up a RedHat box to act as a firewall.  And while I agree 
that it would perform this responsibility wonderfully if 
configured correctly, it just sounds redundant.  The network 
already has a firewall that could block these ports and protocols 
and if they misconfigure that, they would probably misconfigure 
the Linux box....

Kevin


-----Original Message-----
From: KoRe MeLtDoWn [mailto:koremeltdown () hotmail com]
Sent: Thursday, October 09, 2003 2:17 AM
To: gbrown () alvalearning com; SECURITY-BASICS () SECURITYFOCUS COM
Subject: Re: NASA Security Audit


Hi there,
Have you considered putting another machine between the firewall and the
server? I would suggest using redhat linux on this box, and customise some
firewall rules. Look specifically at blocking out the dangerous port access on
the network e.g. rpc, netbios etc. Blocking this at the linux platform so he
can't get through is a powerful way of shielding the flaws in Microsoft
architecture.
This is one method you might not have considered that you might like to look
into - it can effectively make it near impossible to intrude on your server
if implemented correctly.

Kindest of regards,


Hamish Stanaway

Absolute Web Hosting
Owner/Operator
Auckland
New Zealand

http://www.webhosting.net.nz
http://www.buywebhosting.co.nz





From: "Gregory M. Brown" <gbrown () alvalearning com>
To: <SECURITY-BASICS () SECURITYFOCUS COM>
Subject: NASA Security Audit
Date: Wed, 8 Oct 2003 10:48:59 -0600

Well it looks as though I am finally going to be tested by the Feds.
According to my CTO, a guy named Jay Diceman will be the point man.
Anyone ever hear of him?  I hear he is a well known security expert
(ex-hacker?) for the federal government.  I have downloaded the Evaluated
Security Configuration document created for Microsoft by Science
Applications International Corporation.  There are actually 2 of these.
I think those .pdf's cover the Microsoft component.  I don't even want
him to get as far as any MS box.  I am fairly new to security (2 years)
and my final exam is going to be a "Black Box" test and a "Crystal" test
from some heinously gifted hacker from NASA...

1.  What exactly will these 2 forms of intrusion concentrate on?

2.  Is my hardware up to the task?  I currently have a Fortigate
Fortinet 50 configured for intrusion detection and prevention.  I am
currently blocking 1300+ known attacks.  My FW is a CheckPoint Celestix
with a physical DMZ path.  The only questionable services allowed
through are FTP (requirement) and Terminal Services (requirement).

3.  What can I expect?  Any input is GREATLY appreciated.

Thanks.  Man I hope I still have a job in 2 weeks!
gb
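
The layout suggested in this thread (a Linux box between the existing firewall and the FTP/Terminal Services server, limiting incoming and especially outgoing traffic) could be expressed as the following iptables-restore ruleset. This is an added example, not part of any of the posts; the interface names `eth0`/`eth1` and the server address `192.0.2.10` are assumptions.

```iptables
# Added example: Linux box routing between the perimeter firewall (eth0)
# and the isolated FTP / Terminal Services server (eth1).
# eth0, eth1 and 192.0.2.10 are assumed placeholder values.
*filter
# Default deny: nothing reaches the box itself or crosses it unless allowed.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Local loopback traffic on the filtering box.
-A INPUT -i lo -j ACCEPT

# Packets belonging to connections that were already allowed.
# FTP data channels only match RELATED when the FTP connection-tracking
# helper is loaded on this box.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# RPC and NetBIOS/SMB are dropped explicitly so a later, looser rule
# cannot re-open them by accident.
-A FORWARD -p tcp -m multiport --dports 135,137,138,139,445 -j DROP
-A FORWARD -p udp -m multiport --dports 135,137,138,139,445 -j DROP

# Inbound: only the two required services named in the original post.
-A FORWARD -i eth0 -o eth1 -d 192.0.2.10 -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d 192.0.2.10 -p tcp --dport 3389 -m conntrack --ctstate NEW -j ACCEPT

# Outbound: the server has no reason to open new connections of its own.
# Log the attempt (a useful compromise indicator), then drop it.
-A FORWARD -i eth1 -o eth0 -m conntrack --ctstate NEW -j LOG --log-prefix "ftp-egress-drop: "
-A FORWARD -i eth1 -o eth0 -m conntrack --ctstate NEW -j DROP
COMMIT
```

The egress rules are what contain the damage if the FTP service is compromised: new outbound connections from the server are logged and never leave the segment.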








