Home page logo

basics logo Security Basics mailing list archives

Re: NASA Security Audit
From: "Steve" <securityfocus () delahunty com>
Date: Wed, 8 Oct 2003 22:39:54 -0400

Here is a non-technical tangent about regulations/documentation.  An audit
by anyone associated with the government would likely include a thorough
review of the policies and plans as well.  For instance various NIST
publications/guidelines require security plans by major application, risk
analysis, disaster recovery plans with annual testing and documentation, and
more.  I have electronic versions of some of these NIST guidelines if you
want them.

----- Original Message ----- 
From: "Gregory M. Brown" <gbrown () alvalearning com>
Sent: Wednesday, October 08, 2003 12:48 PM
Subject: NASA Security Audit

Well it looks as though I am finally going to be tested by the Feds.
According to my CTO, a guy named Jay Diceman will be the point man.
Anyone ever hear of him?  I hear he is a well known security expert
(ex-hacker?)for the federal government.  I have downloaded the Evaluated
Security Configuration document created for Microsoft by Science
Applications International Corporation.  There are actually 2 of these.
I think those .pdf's cover the Microsoft component.  I don't even want
him to get as far as any MS box.  I am fairly new to security (2years)
and my final exam is going to be a "Black Box" test and a "Crystal" test
from some heinously gifted hacker from NASA...

1.  What exactly will these 2 forms of intrusion concentrate on?

2.  Is my hardware up to the task?  I currently have a Fortigate
Fortinet 50 configured for intrusion detection and prevention.  I am
currently blocking 1300+ known attacks.  My FW is a CheckPoint Celestix
with a physical DMZ path.  The only questionable services allowed
through are FTP (requirement) and Terminal Services (requirement).

3.  What can I expect?  Any input is GREATLY appreciated.

Thanks.  Man I hope I still have a job in 2 weeks!



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]