Home page logo
/

basics logo Security Basics mailing list archives

Re: Initial Security assesment for a large university - what to ask?
From: Adam Mooz <adam.mooz () gmail com>
Date: Thu, 1 Apr 2010 20:22:04 -0400

- ACL's for everything.
- Do a physical walk around each network closet, each lab, and physically inspect everything.  You're sure to come up 
with quite a few question
- Ask about any 'gotcha's that the network has.
- Get historical data for network load and go through them so you know how to spot unusual spikes
- Find out about the patching cycle
- Ask how the backup system works, offsiet, on site, rotation, etc.  Get acquainted with the courier.
- DRP.  For this see if any of them are willing to be put on a 'call list' incase you have to activate your DRP and get 
stuck.
- Get network maps.  Subnets, vlans, the whole shebang.  Get map of the physical infrastructure, compare them so you 
know what is what.  Get these maps printed, on a plotter, and go through them with the network guys, write directly on 
the map so you don't get confused later.
        - On this note get a similar map of what you control, and what you don't.  For instance, at my school there is 
the university network controlled network which handles the WiFi, res, etc.  Then there is the School of Computer 
Science which runs it's own network; I believe it's hooked up to the universities network.  
- You'll probably also be in control of the telephony system, get familiar with that.  
- Go through all SLA's that you hold and are held against you.  Meet with as many people as you can so, if shit hits 
the fan, the ice breaker won't be along the lines of "so...about that support...where is it?".  If you're at least not 
just a name on a piece of paper to these people you'll be in much better shape when things go wrong.
- Find out of any equipment 'phones home.'  For example, I know some high-end servers and backup drives will 'phone 
home' when theres a problem and suddenly you'll have techs at your door, parts in hand.
- Look at your spare parts closet, if you have one.  Go through the stock and find out what goes for what, the age, and 
clean out anything that's too outdated to be of use.

Do all this with a notebook handy and take very good notes.  Don't be afraid to 'shake things up', don't just accept 
something and use it because "that's the way it was when I got here."  IMO this is NOT a valid justification for 
something.  That being said, don't shake things up just for the sake of it.  What I'm trying to say is make sure you 
don't let them go before you've got all the answers, once they're gone you're at their mercy for getting questions 
answered, usually.  Hope this helps a bit...this is all coming from a student's perspective so there's bound to be a 
lot more experience out there that can help some more then me. 

-----------------------------------------------------------------
Adam Mooz
Adam.Mooz () gmail com
http://www.AdamMooz.com

On 2010-04-01, at 6:00 AM, Stanislav Burlakov wrote:

Hi Camilo,

You might also want to ask for ACL's for these, since things like IPS, some servers and switches can probably be 
accessed only from certain machines. Also asking them for documentation that they've written about system set-p, IPS 
rules, etc, may be useful. Finally, you want to know where all the logs / alarms go (assuming they don't have a 
central log server), and where to reconfigure them to point to new emails / pager numbers.

Also what not to do to trigger IDS (incase it has some sort of active response)


Hope this helps!

Stan





Camilo Olea wrote:
Dear friends,

I've been asked to be part of a large project. A local college (in Cancun,MX) is changing administration, and as a 
part of it, seems like they are changing the whole IT team. My orders were clear "Make a list of all that they need 
to give to you, security-related".

I'm thinking:

- root logins and passwords for all servers/routers/etc


... and I stopped there. Any other ideas on what I should demand from them?

Thanks,
Camilo Olea

-Por favor piense en el medio ambiente antes de imprimir este mensaje- -Please think of the environment before 
printing this message-

La informacion  de  este correo es de caracter CONFIDENCIAL y PRIVADO y es propiedad de GRUPO SUNSET. La privacidad  
de esta comunicacion goza de proteccion legal. Cualquier revision, retransmision, difusion o cualquier otro uso de 
este correo, por personas o entidades distintas a las del destinatario legitimo, queda expresamente prohibida. Si 
usted ha recibido este mensaje por error, por favor avise inmediatamente al remitente contestando y eliminando este 
correo. Las opiniones incluidas son del remitente, y no necesariamente reflejan  la opinion de GRUPO SUNSET. Este 
correo electronico no pretende ni debe ser considerado como constitutivo de ninguna relacion legal, contractual o de 
otra indole similar.  No puede garantizarse que las comunicaciones de Internet sean seguras, libres de error o 
virus. Por lo tanto GRUPO SUNSET, no acepta responsabilidad alguna. 
The contents of this email are CONFIDENTIAL and PRIVATE in nature, and remain the property of SUNSET GROUP. The 
privacy of this email is protected by law. Any revision, forwarding, distribution or any other use of this email, 
for persons or entities other than the legitimate addressee, is forbidden. If you have received this message by 
mistake, please alert the sender immediately by responding to and then eliminating this email. The opinions 
expressed in this email are those of the sender, and may not necessarily reflect the opinions of SUNSET GROUP. This 
email does not constitute, nor should it be considered as confirmation of any legal, contractual, or any other 
relationship. Internet communications cannot be guaranteed to be secure or error-free, as information could be 
intercepted, corrupted, lost, arrive late or contain viruses. SUNSET GROUP does not accept liability for any errors 
or omissions in the context of this message which could arise as a result of Internet
transmission.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

 



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


Attachment: smime.p7s
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault