Security Basics mailing list archives

RE: NASA Security Audit


From: "Johnson, Kevin" <Kevin.Johnson () bcbsfl com>
Date: Thu, 9 Oct 2003 13:11:57 -0400

Hi-

I guess I miss the point of this design.  It sounds like you are setting up a RedHat box to act as a firewall.  And 
while I agree that it would perform this responsibility wonderfully if configured correctly, it just sounds redundant.  
The network already has a firewall that could block these ports and protocols and if they misconfigure that, they would 
probably misconfigure the Linux box....

Kevin


-----Original Message-----
From: KoRe MeLtDoWn [mailto:koremeltdown () hotmail com]
Sent: Thursday, October 09, 2003 2:17 AM
To: gbrown () alvalearning com; SECURITY-BASICS () SECURITYFOCUS COM
Subject: Re: NASA Security Audit


Hi there,
Have you considered putting another machine between the firewall and the 
server? I would suggest using Red Hat Linux on this box, and customise some 
firewall rules. Look specifically at blocking out the dangerous port access on 
the network, e.g. RPC, NetBIOS, etc. Blocking this at the Linux platform so he 
can't get through is a powerful way of shielding the flaws in Microsoft 
architecture.
This is one method you might not have considered that you might like to look 
into - it can effectively make it near impossible to intrude on your server 
if implemented correctly.

Kindest of regards,


Hamish Stanaway

Absolute Web Hosting
Owner/Operator
Auckland
New Zealand

http://www.webhosting.net.nz
http://www.buywebhosting.co.nz





From: "Gregory M. Brown" <gbrown () alvalearning com>
To: <SECURITY-BASICS () SECURITYFOCUS COM>
Subject: NASA Security Audit
Date: Wed, 8 Oct 2003 10:48:59 -0600

Well it looks as though I am finally going to be tested by the Feds.
According to my CTO, a guy named Jay Diceman will be the point man.
Anyone ever hear of him?  I hear he is a well known security expert
(ex-hacker?) for the federal government.  I have downloaded the Evaluated
Security Configuration document created for Microsoft by Science
Applications International Corporation.  There are actually 2 of these.
I think those .pdf's cover the Microsoft component.  I don't even want
him to get as far as any MS box.  I am fairly new to security (2 years)
and my final exam is going to be a "Black Box" test and a "Crystal" test
from some heinously gifted hacker from NASA...

1.  What exactly will these 2 forms of intrusion concentrate on?

2.  Is my hardware up to the task?  I currently have a Fortigate
Fortinet 50 configured for intrusion detection and prevention.  I am
currently blocking 1300+ known attacks.  My FW is a CheckPoint Celestix
with a physical DMZ path.  The only questionable services allowed
through are FTP (requirement) and Terminal Services (requirement).

3.  What can I expect?  Any input is GREATLY appreciated.

Thanks.  Man I hope I still have a job in 2 weeks!
gb









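The layering debated in this thread can be checked with a small model, added here as an example and not code from any of the posters: two first-match filters in series (the perimeter firewall and the proposed Linux box), probed for the services named above. The rule sets, the port numbers chosen for FTP, Terminal Services, RPC and NetBIOS, and the "leaky" misconfiguration are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "accept" or "drop"
    proto: str    # "tcp" or "udp"
    ports: range  # destination ports this rule matches


class Filter:
    """First-match packet filter with a default policy (default deny)."""

    def __init__(self, name, rules, default="drop"):
        self.name, self.rules, self.default = name, rules, default

    def verdict(self, proto, port):
        for rule in self.rules:
            if rule.proto == proto and port in rule.ports:
                return rule.action
        return self.default


def exposed(chain, probes):
    """Probes that every filter in the chain accepts, i.e. reach the server."""
    return [p for p in probes if all(f.verdict(*p) == "accept" for f in chain)]


# Only the two required services (FTP data channels are ignored in this model).
REQUIRED = [Rule("accept", "tcp", range(21, 22)),      # FTP control
            Rule("accept", "tcp", range(3389, 3390))]  # Terminal Services
# Constructed mistake: an over-broad accept placed above the intended rules.
LEAKY = [Rule("accept", "tcp", range(1, 1024))] + REQUIRED

# FTP, Terminal Services, RPC endpoint mapper, NetBIOS session and name service.
PROBES = [("tcp", 21), ("tcp", 3389), ("tcp", 135), ("tcp", 139), ("udp", 137)]


def scenarios():
    ok_fw, bad_fw = Filter("perimeter", REQUIRED), Filter("perimeter", LEAKY)
    ok_box, bad_box = Filter("linux-box", REQUIRED), Filter("linux-box", LEAKY)
    return {
        "correct perimeter only": exposed([ok_fw], PROBES),
        "leaky perimeter only": exposed([bad_fw], PROBES),
        "leaky perimeter + correct box": exposed([bad_fw, ok_box], PROBES),
        "leaky perimeter + same mistake on box": exposed([bad_fw, bad_box], PROBES),
    }


if __name__ == "__main__":
    for name, reachable in scenarios().items():
        print(f"{name}: {reachable}")
```

The second layer only changes the outcome when its rules are written independently of the first; repeating the same mistake on both leaves RPC and NetBIOS reachable.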

