Security Basics mailing list archives
Re: NASA Security Audit
From: "Cl Clay" <cclay2 () csc com>
Date: Thu, 9 Oct 2003 17:32:20 -0400

Firstly, you are giving up too much information. Now if I were a
hacker/script kiddie lurking through this newsgroup, I know what exploits to
try.
I know what kind of firewall you are running, so now I can look up all the
vulnerabilities in Checkpoint.
I know that FTP is running, so now I hope you have it improperly
configured.
I know terminal services is running, so now I can look up those
vulnerabilities as well.
Respectfully speaking, I think these are basic no-nos.
-----------------------------------------------
From: "Gregory M. Brown" <gbrown@alvalearning.com>
To: <SECURITY-BASICS () securityfocus com>
Subject: NASA Security Audit
Date: 10/08/2003 12:48 PM

Well it looks as though I am finally going to be tested by the Feds.
According to my CTO, a guy named Jay Diceman will be the point man.
Anyone ever hear of him? I hear he is a well known security expert
(ex-hacker?) for the federal government. I have downloaded the Evaluated
Security Configuration document created for Microsoft by Science
Applications International Corporation. There are actually 2 of these.
I think those .pdf's cover the Microsoft component. I don't even want
him to get as far as any MS box. I am fairly new to security (2 years)
and my final exam is going to be a "Black Box" test and a "Crystal" test
from some heinously gifted hacker from NASA...
1. What exactly will these 2 forms of intrusion concentrate on?
2. Is my hardware up to the task? I currently have a Fortigate
Fortinet 50 configured for intrusion detection and prevention. I am
currently blocking 1300+ known attacks. My FW is a CheckPoint Celestix
with a physical DMZ path. The only questionable services allowed
through are FTP (requirement) and Terminal Services (requirement).
3. What can I expect? Any input is GREATLY appreciated.
Thanks. Man, I hope I still have a job in 2 weeks!
gb
