The Dixie Statement of Work / Rules of Engagement document is up in my home directory on USHEdump. It has our IP space for scans listed there. I'm thinking we should plan for an external scan early next week and internal scanning the weekend of the 25th.
The SANS worksheet will be forthcoming in a day or two.
Thanks, Andrew
Our SANS questionnaire is up too...
I plan to build a wiki / samba box on the strike package for use this assessment and in the future. Now's the time to get any tools you need for the upcoming assessment ready. I think we have a clean snapshot of the backtrack boxes we can revert to / copy from.
Thanks, Andrew
On 01/13/2014 04:32 PM, Andrew Goble wrote:
The Dixie Statement of Work / Rules of Engagement document is up in my home directory on USHEdump. It has our IP space for scans listed there. I'm thinking we should plan for an external scan early next week and internal scanning the weekend of the 25th.
The SANS worksheet will be forthcoming in a day or two.
Thanks, Andrew _______________________________________________ USHE-assess mailing list USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess
So it looks like we need to review the following controls:
Control 3 Control 6 Control 7 Control 16 Control 19
Do we need to assign out who is going to review each control? I can do Control 6 since I did that one with Weber.
Mark
On Thu, Jan 16, 2014 at 8:29 PM, Andrew Goble goble@dixie.edu wrote:
Our SANS questionnaire is up too...
I plan to build a wiki / samba box on the strike package for use this assessment and in the future. Now's the time to get any tools you need for the upcoming assessment ready. I think we have a clean snapshot of the backtrack boxes we can revert to / copy from.
Thanks, Andrew
On 01/13/2014 04:32 PM, Andrew Goble wrote:
The Dixie Statement of Work / Rules of Engagement document is up in my home directory on USHEdump. It has our IP space for scans listed there. I'm thinking we should plan for an external scan early next week and internal scanning the weekend of the 25th.
The SANS worksheet will be forthcoming in a day or two.
Thanks, Andrew _______________________________________________ USHE-assess mailing list USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess
USHE-assess mailing list USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess
I can handle #6 and #16, btw.
On Fri, Jan 17, 2014 at 2:19 PM, Mark Walton walton@suu.edu wrote:
So it looks like we need to review the following controls:
Control 3 Control 6 Control 7 Control 16 Control 19
Do we need to assign out who is going to review each control? I can do Control 6 since I did that one with Weber.
Mark
On Thu, Jan 16, 2014 at 8:29 PM, Andrew Goble goble@dixie.edu wrote:
Our SANS questionnaire is up too...
I plan to build a wiki / samba box on the strike package for use this assessment and in the future. Now's the time to get any tools you need for the upcoming assessment ready. I think we have a clean snapshot of the backtrack boxes we can revert to / copy from.
Thanks, Andrew
On 01/13/2014 04:32 PM, Andrew Goble wrote:
The Dixie Statement of Work / Rules of Engagement document is up in my home directory on USHEdump. It has our IP space for scans listed there. I'm thinking we should plan for an external scan early next week and internal scanning the weekend of the 25th.
The SANS worksheet will be forthcoming in a day or two.
Thanks, Andrew _______________________________________________ USHE-assess mailing list USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess
USHE-assess mailing list USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess
USHE-assess mailing list USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess
FYI,
Mark's going to start the external scan on Tuesday morning.
The strike package is up on 205.126.0.222 if you plan to get in and do anything with VMs, etc. The scanner box is now on 172.16.200.50.
Thanks, Andrew
On 01/13/2014 04:32 PM, Andrew Goble wrote:
The Dixie Statement of Work / Rules of Engagement document is up in my home directory on USHEdump. It has our IP space for scans listed there. I'm thinking we should plan for an external scan early next week and internal scanning the weekend of the 25th.
The SANS worksheet will be forthcoming in a day or two.
Thanks, Andrew _______________________________________________ USHE-assess mailing list USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess
Hey Mark,
If it isn't enabled, could you enable cgi scanning for these next scans?
http://www.tenable.com/blog/tips-for-using-nessus-in-web-application-testing
I would like to focus on web applications. This feature tends to turn up more default web configurations.
Dave Nielsen (nielseda@uvu.edumailto:nielseda@uvu.edu) UVU / OIT Security
On Jan 17, 2014, at 2:58 PM, "Andrew Goble" <goble@dixie.edumailto:goble@dixie.edu> wrote:
FYI,
Mark's going to start the external scan on Tuesday morning.
The strike package is up on 205.126.0.222 if you plan to get in and do anything with VMs, etc. The scanner box is now on 172.16.200.50.
Thanks, Andrew
On 01/13/2014 04:32 PM, Andrew Goble wrote: The Dixie Statement of Work / Rules of Engagement document is up in my home directory on USHEdump. It has our IP space for scans listed there. I'm thinking we should plan for an external scan early next week and internal scanning the weekend of the 25th.
The SANS worksheet will be forthcoming in a day or two.
Thanks, Andrew _______________________________________________ USHE-assess mailing list USHE-assess@lists.dixie.edumailto:USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess
_______________________________________________ USHE-assess mailing list USHE-assess@lists.dixie.edumailto:USHE-assess@lists.dixie.edu http://lists.dixie.edu/cgi-bin/mailman/listinfo/ushe-assess
participants (4)
-
Andrew Goble -
Chuck Kimber -
Dave Nielsen -
Mark Walton