Security Basics mailing list archives

RE: Initial Security assesment for a large university - what to ask?

From: "Murda" <murdamcloud () bigpond com>
Date: Thu, 1 Apr 2010 11:02:15 +1000

Security passes/ids, keys, documentation, any IT
equipment(phones/laptops/BB's/USB), configs.

Did they sign NDA's or contracts when starting that forbid any access after
termination?

Do they have any VPN or wireless access email accounts that need killing?

Do door codes or swipe card points need re-configuration?

When you start thinking about it, it's like user setup in reverse.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Camilo Olea
Sent: Thursday, April 01, 2010 3:40 AM
To: security-basics () securityfocus com
Subject: Initial Security assesment for a large university - what to ask?

Dear friends,

I've been asked to be part of a large project. A local college (in 
Cancun,MX) is changing administration, and as a part of it, seems like 
they are changing the whole IT team. My orders were clear "Make a list 
of all that they need to give to you, security-related".

I'm thinking:

- root logins and passwords for all servers/routers/etc


... and I stopped there. Any other ideas on what I should demand from them?

Thanks,
Camilo Olea

-Por favor piense en el medio ambiente antes de imprimir este mensaje- 
-Please think of the environment before printing this message-

La informacion  de  este correo es de caracter CONFIDENCIAL y PRIVADO y es
propiedad de GRUPO SUNSET. La privacidad  de esta comunicacion goza de
proteccion legal. Cualquier revision, retransmision, difusion o cualquier
otro uso de este correo, por personas o entidades distintas a las del
destinatario legitimo, queda expresamente prohibida. Si usted ha recibido
este mensaje por error, por favor avise inmediatamente al remitente
contestando y eliminando este correo. Las opiniones incluidas son del
remitente, y no necesariamente reflejan  la opinion de GRUPO SUNSET. Este
correo electronico no pretende ni debe ser considerado como constitutivo de
ninguna relacion legal, contractual o de otra indole similar.  No puede
garantizarse que las comunicaciones de Internet sean seguras, libres de
error o virus. Por lo tanto GRUPO SUNSET, no acepta responsabilidad alguna. 

The contents of this email are CONFIDENTIAL and PRIVATE in nature, and
remain the property of SUNSET GROUP. The privacy of this email is protected
by law. Any revision, forwarding, distribution or any other use of this
email, for persons or entities other than the legitimate addressee, is
forbidden. If you have received this message by mistake, please alert the
sender immediately by responding to and then eliminating this email. The
opinions expressed in this email are those of the sender, and may not
necessarily reflect the opinions of SUNSET GROUP. This email does not
constitute, nor should it be considered as confirmation of any legal,
contractual, or any other relationship. Internet communications cannot be
guaranteed to be secure or error-free, as information could be intercepted,
corrupted, lost, arrive late or contain viruses. SUNSET GROUP does not
accept liability for any errors or omissions in the context of this message
which could arise as a result of Internet
transmission.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

RE: Initial Security assesment for a large university - what to ask? Murda (Apr 01)
- <Possible follow-ups>
- Re: Initial Security assesment for a large university - what to ask? tas0584 (Apr 01)
- Re: Initial Security assesment for a large university - what to ask? Lorenzo Nicolodi (Apr 01)
- Re: Initial Security assesment for a large university - what to ask? Yousef Syed (Apr 01)
- Re: Initial Security assesment for a large university - what to ask? Stanislav Burlakov (Apr 01)
  - Re: Initial Security assesment for a large university - what to ask? Adam Mooz (Apr 05)