Re: [Full-Disclosure] NASA experience

From: Curt Purdy (purdy_at_tecman.com)
Date: 10/18/03

  • Next message: Curt Purdy: "RE: [inbox] [Full-Disclosure] Problems with MS03-042 (KB826232) patch?"
    To: <jason.full-disclosure@compnski.com>, <full-disclosure@lists.netsys.com>
    Date: Fri, 17 Oct 2003 17:18:01 -0500
    
    

    > From my experience working at NASA (Moffett Field as an intern one
    > summer) was that their IT department (in my building) was good at what
    > they did but had a pretty restrictive security policy (which is a good
    > thing I guess). So I would rate them as excellent although too
    > restrictive.
    > --
    > Jason Freidman <jason.full-disclosure@compnski.com>

    Since a primary tenet of all good security policies is the principle of
    least privilege that basically states that no one should have more access
    than the absolute minimum necessary to do their job. Of course no one
    really does this that I have seen. But a good yardstick of your security
    policy and implementation is if everyone complains it is too strict.

    As long as you have the support of management, this is when I feel most
    comfortable. It looks like NASA is doing it right, which I have always
    heard. Being ahead of the curve, 4 years ago they instituted a comprehensive
    vulnerability assessment and patching and remediation program that turned
    the hostile penetration rate from over 20% to less than 1% in a year.

    Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
    Information Security Engineer
    DP Solutions

    ----------------------------------------

    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
    -- White House cybersecurity adviser Richard Clarke

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

