NASA Security Audit

From: Gregory M. Brown (gbrown_at_alvalearning.com)
Date: 10/08/03

    Date: Wed, 8 Oct 2003 10:48:59 -0600
    To: <SECURITY-BASICS@SECURITYFOCUS.COM>
    
    

    Well it looks as though I am finally going to be tested by the Feds.
    According to my CTO, a guy named Jay Diceman will be the point man.
    Anyone ever hear of him? I hear he is a well-known security expert
    (ex-hacker?) for the federal government. I have downloaded the Evaluated
    Security Configuration document created for Microsoft by Science
    Applications International Corporation. There are actually 2 of these.
    I think those .pdfs cover the Microsoft component. I don't even want
    him to get as far as any MS box. I am fairly new to security (2 years)
    and my final exam is going to be a "Black Box" test and a "Crystal" test
    from some heinously gifted hacker from NASA...

    1. What exactly will these 2 forms of intrusion concentrate on?

    2. Is my hardware up to the task? I currently have a Fortigate
    Fortinet 50 configured for intrusion detection and prevention. I am
    currently blocking 1300+ known attacks. My FW is a CheckPoint Celestix
    with a physical DMZ path. The only questionable services allowed
    through are FTP (requirement) and Terminal Services (requirement).

    3. What can I expect? Any input is GREATLY appreciated.

    Thanks. Man, I hope I still have a job in 2 weeks!
    gb

     
