- USHE-assess - lists.utahtech.edu

SLCC Assessment update
by Andrew Goble 21 Mar '14

21 Mar '14

Hey guys, Updates on the SLCC Assessment: I have hotel rooms for Chuck, Mark, and myself. Dave and Dustin are commuting to SLCC each day. I plan on being at SLCC bright and early on the 24th with the strike package. External Scans are on track to start this Saturday, the 15th. I have ordered some equipment to help with miniaturizing the evil twin attack, I hope to have it all down to a battery pack, a rPi, and a USB adapter. The big setup will still be very effective for a parking lot situation. We still need a better way to track our efforts during the assessments, if anybody has ideas... Thanks, Andrew

1 1

Minaturization
by Goble, Andrew 15 Mar '14

15 Mar '14

Has been acheived. Battery running rPi, usb hub, and external usb wifi nic acting as an AP. All indications are this setup could run for hours. The battery pack will actually push the big AP too... not sure how much time we'd get out of it.

5 5

Please Please Please!!
by Jake Johansen 06 Mar '14

06 Mar '14

https://www.pwnieexpress.com/penetration-testing-vulnerability-assessment-p roducts/sensors/pwn-power/ Not the flashiest product they have but I know a multi-function printer or two that need a new power strip.

1 0

SLCC Assessment
by Andrew Goble 03 Mar '14

03 Mar '14

I heard back from Bill at SLCC, the week in March works best for them, I think he'd have preferred the April date but an important chunk of his staff is out for Ellucien Live or something like that. Plan for March 24 - 28 for SLCC's assessment. I'll start working on hotels and logistics. Just to confirm, Dustin is coming from the U? And I don't need to make hotel reservations for Dustin or Dave, right? Thanks, Andrew

4 6

Dixie Write-ups
by Chuck Kimber 21 Feb '14

21 Feb '14

First nudge to get your findings and write-ups for DSU in this week, so I can get them compiled. Mines already done and nobody can prove otherwise this time. :) Chuck

4 5

Internal Scans
by Andrew Goble 24 Jan '14

24 Jan '14

I've reconfigured the nessus box and it now has an interface on our internal network. The scanner's IP is 144.38.66.25 and you can use addresses in the 144.38.66.24/29 range during the assessment. ( I can get more in the 66 VLAN as needed, may not be contiguous.) This is the building subnet in the Holland building. It does not, by default, have privileged access to all campus networks, but I have full confidence in your abilities to get beyond that, or in Chuck's words, make me cry. I have not moved the outside interface of the strike package, its still accessible on 205.126.0.222. Mark, how do you feel about starting the internal scan tomorrow morning? We've probably got enough lead time that we can start a scan now of the whole internal environment and have it done by the time you all are here Monday. If you aren't confident in that, let me know and I'll provide you a list of the most interesting subnets and we can run a couple scans. Thanks, Andrew

3 3

Dixie Documentation
by Andrew Goble 19 Jan '14

19 Jan '14

The Dixie Statement of Work / Rules of Engagement document is up in my home directory on USHEdump. It has our IP space for scans listed there. I'm thinking we should plan for an external scan early next week and internal scanning the weekend of the 25th. The SANS worksheet will be forthcoming in a day or two. Thanks, Andrew

4 5

Dixie Hotels
by Andrew Goble 17 Jan '14

17 Jan '14

Dixie's assessment is scheduled for January 27 - 31. Hotel reservations are at the Courtyard Marriott. Reservation for DAVE NIELSEN Confirmation Number: 89534538 Reservation for MARK WALTON Confirmation Number: 89534537 Reservation for CHUCK KIMBER Confirmation Number: 89534536 Reservation for DUSTIN UDY Confirmation Number: 89534534 Reservation for COREY ROACH Confirmation Number: 89534541 I'll start working on SANS 20 stuff, should get that to you guys after the new year. Thanks, Andrew

1 2

Weber Report - Update
by Andrew Goble 09 Jan '14

09 Jan '14

Alright, I've gotten stuff back from everybody and am putting the report together for a first draft. Andrea has a meeting with a committee on Thursday afternoon, she has requested a draft by then if possible. I will post a first draft late tonight or first thing in the morning for your review. Will let you all know when it's posted. You'll have roughly 24 - 36 hours to review it. We can make big changes if necessary even after I send it to Andrea, but it would be nice if you could all take a look sometime tomorrow to make sure there aren't major glaring problems. Also, Jake sent in a couple of positive findings that I think I'll include in the report. if you have any positive findings you wish to highlight, please send those to me ASAP. I plan on having a single section devoted to that, so I just need to know what the positive finding is and a real brief blurb about it. Thanks, Andrew

1 3

Weber Report
by Andrew Goble 08 Jan '14

08 Jan '14

I've got almost everyone's report material and I'm making an effort to get this report draft finalized in the next couple of days. I will send out the report draft when it is ready and will give you guys about 36 - 48 hours to review it before I forward it on to Weber. I may muck around with wording and structure in the write-ups you have all given me for consistency in voice and what not. If I completely mung up what you intended to convey to Weber let me know and we can re-work things. A couple of things related to the report that I need some feedback from you on: 1. Jake has suggested we put some high-level recommendations drawn from the rest of the report directly in the executive summary. We haven't really done this in the past, just summarized what the format of the rest of the report would be. If we start doing this, it should be really concise in my thinking, but could be something along the lines of recommending Two-factor authentication, seperate administrative accounts, banning of all wireless devices, etc. Let me know what you think should be in that section. 2. In the past, we have included verbatim from the SANS controls the "How attackers take advantage of the lack of these controls" and the SANS recommendations "How to Implement, Automate, and Measure the Effectiveness of this Control" as part of our write-ups on each SANS control. I'm toying with the idea of dropping this practice of directly quoting all the SANS stuff and moving it to the references section. This would require us to beef up our own recommendations and make sure we mention that they should review the references to the SANS material. Thoughts? Lastly, does anybody have a PDF copy of the 2012ish SANS controls laying around? They are up to version 4.1 and I know there are some differences in the versions I want to review. I haven't scoured the internet looking for the older version yet, will do if one of you can't bail me out. Thanks, Andrew

6 5