- USHE-assess - lists.utahtech.edu

Weber Report
by Andrew Goble 02 Jan '14

02 Jan '14

Hi Guys, We need to get serious on getting a draft of the Weber report together, they are starting to ask about their report and when they can expect it. I've got some material back only from Dave at this point. Please get your materials together and send them to me. I'll compile and otherwise mangle them together and send out a draft for you to review before we provide it to Weber. I would like to have something to them by the end of next week at the latest. Thanks, Andrew

1 1

Report Template
by Andrew Goble 17 Dec '13

17 Dec '13

I've uploaded a document called report template up to ushedump. Its a rough outline of the format for this year's reports. I borrowed some of the language and formatting I liked from last year's reports, and have reworked some of the stuff as well. This does not include any specific findings or recommendations yet. Its also not prettied-up or formatted much beyond very basic headings and such; we can do that later. Please take a look and let me know if you have any serious structural issues with the way I have things laid out. Also, I'll take your report findings any time. I'd like to have something to Weber by the first week of the new year at the latest. If you have any questions, please let me know. Thanks, Andrew

1 0

WSU Report
by Andrew Goble 13 Dec '13

13 Dec '13

Just wanted to remind you all that I'll be needing your WSU material and write-ups. I'm working on the base template for the reports this year and will send that out when I have it ready. I'll taking some of the things I liked about the format last year and making some new changes as well. If you had a SANS control, please follow last year's format of: MATURITY SCORE: w/ reference to last year's score and any change ASSESSMENT FINDINGS: TESTS AND METRICS: RECOMMENDATIONS: REFERENCES: COMMENTS (optional): Any editorializing or other information you wish to offer the institution that doesn't fit in the above sections. Otherwise, please just organize your pen-test findings, screenshots, tool reports, etc. Maybe something like: FINDINGS: ie, what you were able to do, get to, etc. TESTS: How you did it. RECOMMENDATIONS: w/ a tie-back to specific SANS controls that would mitigate your attack vector. Thanks, Andrew

1 0

Strike Package
by Andrew Goble 10 Dec '13

10 Dec '13

Teh strike package is back up on 205.126.0.222

1 0

WSU Assessment Follow-up Stuff
by Andrew Goble 09 Dec '13

09 Dec '13

Hi guys, Sorry I meant to get this to you earlier but we've had a wild morning here today... overheating data centers and burst pipes and what not... Its a problem when its 25 degrees colder than what the systems were designed for. Remember that the payment process looks like this: Your institution invoices the U for $2500. ---> The U pays out with USHE HETI funds to your institution for the $2500 ---> Your institution pays you however they see fit, usually minus taxes and retirement and what not. All invoices for payment on the assessments should be forwarded to: Matt Timpson Accountant 101 Wasatch Drive, Room 215 Salt Lake City, UT 8112-1792 Email : mtimpson(a)media.utah.edu Phone: 801-585-0470 Matt should also be contacting you with copies of your travel reimbursements. I'm also going to get the strike package back online with its original IP address, 205.126.0.222, hopefully this afternoon, in case you need any information off of it to finish WSU stuff. More details on the report later when I get a free minute. Thanks, Andrew

1 0

Weber Status Update
by Andrew Goble 26 Nov '13

26 Nov '13

Hey Guys, Updates on several fronts: Should have the SANS 20 document back from Weber today or tomorrow. I have a SSH/SFTP box set up and I'll be getting you all account info soon. We're running an external scan starting Tuesday morning next week. Hotel: We are staying at the Odgen Summit (ex-Marriott) 247 24th Street Odgen, Utah Reservation numbers: Mark - 14500 Chuck - 14501 Dave - 14502 Jake - 14503 Mark and I will be arriving Sunday night and will be at Weber first thing Monday morning to get the Strike Package set up and the internal scans kicked off. Everyone else has rooms starting Monday night. Strike Package: I will likely be updating code on the firewall first thing tomorrow morning, so it may be semi-unavailable for a while tomorrow. I fixed a permissions issue on the ESXi host that was preventing some people from getting in to work on VMs and such, access for the users we set up should work now. Let me know if you have any issues getting in. Thanks, Andrew

1 1

Weber
by Andrew Goble 25 Nov '13

25 Nov '13

We are 1 week out on the Weber assessment. If you are coming on this assessment, please send me a color headshot picture of yourself that we can affix to your GOoJF documentation. If you don't have one available, we'll take a cell phone picture Monday afternoon and bum a color printer off somebody. I should have details on what building we'll be housed in hopefully today, and will find out what we need to park on campus for the week. I will have a state minivan and we can use that to carpool as much as possible if that works for everyone. Thanks, Andrew

1 1

Weber Final Report - 2012
by Mark Walton 22 Nov '13

22 Nov '13

Andrew, Can we put a copy of Weber's final report for their last assessment in the ushedump site? For those controls that have changed, it would be nice to see what was written by the last assessment team for those controls. Mark

2 2

Weber SANS Results
by Andrew Goble 22 Nov '13

22 Nov '13

Andrea has gotten Weber's SANS questionnaire back to us. It is currently located on the SSH/SFTP box I have set up for the assessments. ushedump.dixie.edu:10222 I'll get in touch with you all separately to communicate username and password. Document can be found in the agrover folder. Thanks, Andrew

1 0

Nessus Settings
by Mark Walton 19 Nov '13

19 Nov '13

All, Andrew has asked me that I configure Nessus for our Weber scan. I just wanted to post the suggested settings and solicit input from those of you that also use Nessus. Chuck, I know USU uses Nessus extensively, so maybe you have some recommendations, especially for an organization of a larger scale. *Port Scanning Settings:* Port Scan Range: all Consider Unscanned Ports as Closed: false Nessus SNMP Scanner: true Nessus UDP scanner: true netstat portscanner (SSH): false Ping the remote host: true Netstat Portscanner (WMI): false Nessus TCP scanner: true Nessus SYN scanner: false *Performance:* Max Checks Per Host: 5 Max Hosts Per Scan: 100 Network Receive Timeout: 5 Max Simultaneous TCP Sessions: unlimited Max Simultaneous TCP Sessions Per Scan: unlimited Reduce Parallel Connections on Congestion: true Use Kernel Congestion Detection: true *Advanced:* Safe Checks: true Silent Dependencies: true Log Scan Details to Server: true Stop Host Scan on Disconnect: true Avoid Sequential Scans: false Designate Hosts by their DNS Name: false *Plugins*: All enabled except for Denial of Service. *Preferences:* Do not scan fragile devices: Scan Network Printers: false Scan Novell Netware hosts: true All other preferences have the default values.

1 0