Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Internet Security Review

From: Bennett Todd <bet () rahul net>
Date: Mon, 13 Oct 1997 07:38:39 -0700
On Mon, Oct 13, 1997 at 02:15:55AM -0400, Mark Teicher wrote:

What are people's thoughts on what an Internet Security Review is??  
What tools or programs would one use while conducting one, and how 
would one go about conducting one?


I just had some auditors do the first really great internet security
review I've ever seen. Actually, it was internet, intranet, the
whole schmeer.

In broad outline, they started by hitting me with a series of
``scenarios''. For example, one of the scenarios was ``My site just
got attacked by someone coming out of your site. I note that you
are the technical contact listed in the whois database, so I call
you and let you know. What do you do?''.

I talked through how I'd respond to various situations. From that
they got a quick sketch of our security stance and the people
involved in implementing it. Then they asked more detailed
questions: what versions of what software are you running on this
box and that box? What do you see if you hit your firewall with
strobe(1)? What do the logs look like?

Finally, based on the details from the previous round of grilling,
they brought in specific burglary tools --- scripts for burgling the
sendwhale (``If you push it, it falls right over!''), portmapper
exploits, YP hacks, etc.

Most educational!

-Bennett
Previous By Date Next
Previous By Thread Next

Current thread: