I would have to agree, but would like to add a few pennies.
True, without management support and full backing you will find it
difficult to adequately develop a security policy that will fit your
company's needs and desires. Remember a good security policy balances
these. Ok, on with it
1.
Have a look at the: OSSTMM - Open Source Security Testing Methodology Manual
http://www.isecom.org/projects/osstmm.htm
"The objective of this manual is to create one accepted method for
performing a thorough security test."
Cheers,
Roland
Security Wizards
www.secwiz.com
-Original Mess
y, August 06, 2003 1:18 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Security Policy-Please help
>
>
> From http://www.sans.org :
>
>
> What is a security policy?
>
> All security and technical training classes talk about the necessity of
> basing procedures on a
Sebastian,
This is what I can think of right now I hope it helps..
Security Auditing covers a few things,
POLICIES and PROCEDURES
In order to be able to audit an enterprise
Policies and procedures should exist; if not, then part of your report
should include best practices Polici
You don't seem to be completely in the dark on this.
Doesn't matter that much if the network is old or not. Read some
documentation on the hardening of computers and networks. No need to start
and crack away at passwords, even windows has some policy-tools on this.
There are libraries out there as
I've been writing custom security policies and have done lots of
research on the internet about it. I've also reviewed lots of company
policies which are currently in place.
In my mind, the first thing to do of course is convince management that
they need a policy. This is the easiest step. Eve
From http://www.sans.org :
What is a security policy?
All security and technical training classes talk about the necessity of
basing procedures on a good security policy. We need to understand what is
meant by policy.
For an expansive repository of sample security policies view: "The SANS
Secu
Hey John,
First of all, you're right, it's a daunting task to start a project like
this - I know, I'm there right now myself. Now, I see you're finishing
your Masters in Systems & Network Security (Congratulations), so please
forgive me if anything I recommend/suggest is stuff you already know.
2003-08-06T04:07:48 Kampanellis Ioannis:
> Any advices? Where could I start?
Big, big question. I think you start several steps before the sort
of things you mentioned.
The very first thing is to determine the organization's commitment.
If you have a positive commitment from senior management, pr
As it was written on Aug 1, thus Trond Kringstad spake unto security-basics...:
Trond: Date: Fri, 1 Aug 2003 11:58:46 +0200
Trond: From: Trond Kringstad <[EMAIL PROTECTED]>
Trond: To: [EMAIL PROTECTED]
Trond: Subject: Security resources
Trond:
Trond: Hi list,
Trond: this maybe a off topic, b
This list is a great place to start, however there are also many other
resources out there. I'll leave it to the seasoned list members here to
give you some links of their favorite places, but I can suggest looking at
the 29 other mailing lists from SecurityFocus for starters
(www.securityfocus.com
Or even
http://www.astaro.com/
=)
Morton B. Maser wrote:
I had a similar situation, but rather than using openBSD found Astero
(http://www.astero.com). The firewall runs on a hardened Linux kernel, and
you can add Kaspersky AV if so desired for a nominal sum (or free, if you
participate activel
I had a similar situation, but rather than using openBSD found Astero
(http://www.astero.com). The firewall runs on a hardened Linux kernel, and
you can add Kaspersky AV if so desired for a nominal sum (or free, if you
participate actively in Astero's power users forum.) The firewall can be
downlo
John
Look at Security Threat Manager from Open. Fantastic product and good
support. ArcSight's support is wanting.
Thanks!
*
Thomas Lim (CISSP)
Secure-1 Asia Pte Ltd
Tel : (65) 6749 7103
Fax: (65) 6741 5545
Mobile: (65) 96812704
Email : [EMAIL PROTEC
-Original Message-
From: Gregg [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 10:41 AM
To: [EMAIL PROTECTED]
Subject: Security/Firewall question
Hi everyone!
I'm still pretty new to security and firewalls and such, and I'm having a
problem wrapping my head around a couple of con
Yes, OpenBSD can do bridging because that is what I am doing now at home.
Regards,
Greg DeGennaro Jr., CCNP
Security Analyst
-Original Message-
From: David Gillett [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 8:55 AM
To: 'Gregg'; [EMAIL PROTECTED]
Subject: RE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Heya Gregg,
On Tuesday, July 29, 2003, at 05:40 AM, Gregg wrote:
I'm not certain if-
I want to assign that IP to the OpenBSD firewall, and use NAT and/or RDR
to pass on SMTP traffic on port 25 to the email server. Yes? No? Maybe?
Am I a shame on my
Gregg,
If you're more comfortable with Win2K than BSD, then that's what I would recommend you
stick with. A properly hardened NT box makes a decent bastion host.
I have had good success with Microsoft's ISA server. There are a few books I
recommend if you go that route:
Securing Windows NT/
On Tue, 2003-07-29 at 02:40, Gregg wrote:
> I'm not certain if-
> I want to assign that IP to the OpenBSD firewall,
Yup
> and use NAT and/or RDR
> to pass on SMTP traffic on port 25 to the email server.
Yup
And put the email server on one of the private nets; set up the OpenBSD
box with no
> I'm not certain
> if- I want to assign that IP to the OpenBSD firewall, and
> use NAT and/or RDR to pass on SMTP traffic on port 25 to the
> email server. Yes? No? Maybe? Am I a shame on my species?
About the only other valid choice would be if you can coerce
the OpenBSD box to ac
Hong,
I think you are a little bit wrong! Since Windows NT the following
rule matches every situation:
If there are on two machines an account with the same username
and password - the machines will trust each other for this particular
user irrespective of the domain or computer-domain
Robert
-
Hi hong!
On Wed, 02 Jul 2003, hong li wrote:
> If you use the same password for the local
> administrator on workstations
> as all other servers' local administrator, (even
> domain administrator),the local administrator can gain
> full access to any servers without asking
> domain info if you
It would work in either instance if the Admin name and Password were
Identical.
_
Dave Kleiman
[EMAIL PROTECTED]
www.netmedic.net
"High achievement always takes place in the framework of high expectation."
Jack Kinder
-Original Message-
From: hong li [mailto:[E
hong: Date: Wed, 2 Jul 2003 07:35:12 -0700 (PDT)
hong: From: hong li <[EMAIL PROTECTED]>
hong: To: [EMAIL PROTECTED]
hong: Subject: Security issue in Windows 2000?
hong:
hong: If you use the same password for the local
hong: administrator on workstations
hong: as all other servers' local ad
A user with a sniffer can easily capture your username and password from
the telnet session. If you are on switched ethernet this is a little
more difficult but a determined user (and one who doesn't mind
potentially impacting network performance) can still sniff on a switched
network.
Your best
If you are connecting to the firewall host through an unknown/insecure
network, then the owners of that network will be able to see your
password.
If you are connecting to the firewall host through a local network, and
are connected through a hub (rather than a switch), then local users
(with root
Hilal,
> I am not sure if I am asking the right question within the same subject, but
> I am configuring the firewall through the telnet connecting / from winxp
> workstation.
>
> Is there any possibility for any internal user to use any tools that will
> hijack my telnet password - password
: Re: security-basics Digest 18 Jun 2003 22:09:15 - Issue 618
Hello All,
I am not sure if I am asking the right question within the same subject, but
I am configuring the firewall through the telnet connecting / from winxp
workstation.
Is there any possibility for any internal user to use
Hello All,
I am not sure if I am asking the right question within the same subject, but
I am configuring the firewall through the telnet connecting / from winxp
workstation.
Is there any possibility for any internal user to use any tools that will
hijack my telnet password - password for th
- Original Message -
From: "Damon McMahon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
> Running windump on a Windows 2000 client and tcpdump on a MacOSX 10.1 client
> shows the login: and password: transmitted in clear text to a Windows XP
> telnet server.
>
> Can you specify any docume
man
[EMAIL PROTECTED]
www.netmedic.net
"High achievement always takes place in the framework of high expectation."
Jack Kinder
-Original Message-
From: Damon McMahon [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 22:45
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject:
On 2003-06-19 Damon McMahon wrote:
>> The telnet built into Windows 2000 uses NTLMv2 authentication by
>> default. While this is not 3DES or RC4, it is still not plain text.
>
> Running windump on a Windows 2000 client and tcpdump on a MacOSX 10.1
> client shows the login: and password: transmitted
which eggdrop are you gonna run??? you gonna run the actual program
eggdrop??? sorry, if that's a stupid question to you. i know there were a
bunch of security issues floating around with the actual program called
eggdrop (http://www.eggheads.org/downloads/)
adam
As a tip of advice... Don't run emech, unless you want to be labeled as
a syn flood owner. More often than not they're mistaken for the
mirkforce nets, and ddos nets...
Besides they're lame
;0
-Original Message-
From: Koen [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 18, 2003 11:13 AM
Dennis,
Running windump on a Windows 2000 client and tcpdump on a MacOSX 10.1 client
shows the login: and password: transmitted in clear text to a Windows XP
telnet server.
Can you specify any documentation stating NTLM is used?
Thanks in advance,
Damon
The telnet built into Windows 2000 uses
On Tuesday 10 June 2003 11:44 am, Keenan Smith wrote:
My understanding of it is that with a VPN solution you are creating an
encrypted tunnel over the internet between 2 points. With your solution you
are routing traffic from a remote LAN to a local LAN with no encryption. I
guess it depends on
For CISSP discussion and Exam thoughts also check out...
http://forum.cissp.com/ubbcgi/ultimatebb.cgi?ubb=get_topic&f=1&t=000127
Regards
James
--- Andrew Pretzl <[EMAIL PROTECTED]> wrote:
>
>
>
>
>
> The www.cccure.org website run by Clement Dupuis is an
> excellent source of
> information
on Pastore [mailto:[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 6:58 AM
To: 'Ian'; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Security for Notebooks
I'm interested in this thread since I travel with my notebook...where as I
don't have as many as 300 (more like 5) I seri
The www.cccure.org website run by Clement Dupuis is an excellent source of
information for studying for the CISSP exam. I would also recommend the
CISSP Prep guide and the All in One Exam guide.
AP
=
Andrew Pretzl - CISSP
Network Engineer
Norlight Telecommunications
L PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Security for Notebooks
Hi,
I'm not sure of the availability of some of these services/systems in
Mexico but it will give you an idea of some of the things out there.
Computrace (http://www.computrace.com), Webdetect
(http://w
> Hello-
> I was wondering if there are any security certifications that are not
> specific to any product/s. One that tests the general
> understanding of the
> security concepts in general.
I would recommend you take a look at the CISSP certification.
(Certified Information Systems Security Prof
CTIA has the S+ cert that came out last spring.
Bill
- Original Message -
From: "Ravi K" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, April 10, 2003 4:29 AM
Subject: security cert
>
>
> Hello-
>
> I was wondering if there are any security certifications that are not
>
> sp
>Hello-
>I was wondering if there are any security certifications that are not
>specific to any product/s. One that tests the general understanding of
>the security concepts in general. Most of the certifications I have
>heard of are more IT oriented. Any specifically for telecom??
For the ge
I agree with John about centralization of the function, because any change to the
firewall(s) and other edge elements (external routers and switches as well as remote
access or vpn solutions) of corporate security should be a defined (written) process
of request and confirmation. Centralization
Debbie,
It is very important that you are not the only person approving security
changes. The network and firewall people should also approve and signoff on
all changes. You need to make sure that everyone knows that you are not the
owner of *security*..the user/network/administrators are. Be ca
Debbie,
Sorry not trying to teach you to suck eggs. Re: "Separation
of Duties". From the CISSP prep guide (krutz). The 'IS
security professional' should only not be the person who
authorises access, but 'are delegated the responsibility
for implementing and maintaining security by senior level
man
Debbie -
Regardless of whether anyone else does it, I'd say you've got a pretty good situation
as long as it doesn't overwhelm you.
Centralizing a function like that decreases the likelihood that some random person is
going to misconfigure something and open a hole in your firewall, or that som
Zealand
http://www.koreworks.com/
Is your box REALLY secure?
From: Aigar Käis <[EMAIL PROTECTED]>
To: "MOHESOWA BYAS" <[EMAIL PROTECTED]>
CC: <[EMAIL PROTECTED]>
Subject: RE: Security Issues in Mobile Banking
Date: Wed, 12 Mar 2003 10:19:01 +0200
MIME
On Tue, 2003-03-11 at 06:21, MOHESOWA BYAS wrote:
>
> We have some doubts as listed below:
> 1. Is mobile banking a proven safe technology ?
> 2. Is this a common type of service or is it completely new?
> 3. Are there any known security incidents using this service?
> 4. What features should we
Hi
> User sends his user name and password to the service provider
> as an SMS, the
> ISP processes the request by running a script which initiates
> an "https"
> session with the Bank's Internet Banking Server, and does a
> balance inquiry
> using the username and password.
>
> If the crede
Morgan
You have just hit on one of my pet topics having spent some 50 weeks on
various security (ish)courses in the last 6 years.
If it's ethical hacking you are after there's a whole load of them on my
website at
http://www.networkintrusion.co.uk/hacking.htm
I will add the course you mentioned, b
2003 00:23
To: Chris Berry; [EMAIL PROTECTED]
Subject: Re: security scenario
Well , I think that instead of dealing with how many layers one can
install (and taking the time to install them) it is better (IMHO) to
invest the time in making the important layers secure. having more
layers won
"theog" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, January 31, 2003 9:04 PM
Subject: RE: security scenario
Not being smart or anything but what layers in this scenario do you see
as the important ones?
How would you tackle this problem?
Trevor Cushen
Sysnet L
Trevor Cushen wrote:
anyway). They then schedule overnight a dd of the system disk to a disk
in their machine over the network (very easy to do) What privileges do
they need?? I must check this but I have a feeling they will have
access to /dev files and also the /bin files where netcat and d
essage-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: 30 January 2003 07:34
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: RE: security scenario
>
>
> Would it be any help if the root partition (and why not other partitions as
> well) is encrypted? O
Burton M. Strauss III wrote:
You can't ... well, the grub password may prevent the trivial case, but if
you have physical access to the hardware, you have the keys to the universe.
(What would stop Mr/Ms Cracker from bringing his/her OWN grub floppy?)
-Burton
-Original Message-
From: c
r all because all
environments are different.
Trevor Cushen
Sysnet Ltd
www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499
-Original Message-
From: theog [mailto:[EMAIL PROTECTED]]
Sent: 31 January 2003 00:23
To: Chris Berry; [EMAIL PROTECTED]
Subject: Re: security scenario
Well , I
Would it be any help if the root partition (and why not other partitions as well) is
encrypted? Ok, in that case the server must not re-boot.
- Pasi
> From: ext theog [mailto:[EMAIL PROTECTED]]
> I agree , in my opinion , if someone got to the machine's
> keyboard , be it
> physically or
From: "theog" <[EMAIL PROTECTED]>
I agree , in my opinion , if someone got to the machine's keyboard ,
be it physically or via a remote console device , he can do virtually
anything, in fact, the simplest thing to do (if I wanted to change the
root for a machine I dont have the password for) is to
which would
almost definitely draw some attention - "Hey Jim what're the bolt cutters
for."
Gavin S.
-Original Message-
From: Chris Berry [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 28, 2003 1:40 PM
To: [EMAIL PROTECTED]
Subject: Re: security scenario
>From: Gene
age-
From: Gene Cronk [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 27, 2003 6:57 PM
Cc: [EMAIL PROTECTED]
Subject: Re: security scenario
No CD Rom/Floppy in the server? :-D
Burton M. Strauss III wrote:
> You can't ... well, the grub password may prevent the trivial case, but i
> consider this (I'm trying to make a network more secure) :
> A user enters grub upon bootup and hits "e" to edit the Linux boot
> procedure and then continues to boot into single user mode, and he
> then changes the root password to whatever he suits the user who
> did this is eventually t
From: Gene Cronk <[EMAIL PROTECTED]>
No CD Rom/Floppy in the server? :-D
He specified workstation, but to answer your question I have a locking
server case to prevent unauthorized access. In addition we're installing
cypherlocks on the server room door (can't afford a smartcard system right
On Fri, 24 Jan 2003, camthompson wrote:
> consider this (I'm trying to make a network more secure) :
> A user enters grub upon bootup and hits "e" to edit the Linux boot
> procedure and then continues to boot into single user mode, and he then
> changes the root password to whatever he suits t
No CD Rom/Floppy in the server? :-D
Burton M. Strauss III wrote:
You can't ... well, the grub password may prevent the trivial case, but if
you have physical access to the hardware, you have the keys to the universe.
(What would stop Mr/Ms Cracker from bringing his/her OWN grub floppy?)
-Burto
Here are some possibilities:
Set up a BIOS password.
Remove the keyboard and monitor from the server.
Lock the server closet.
If a user has physical access to the machine, he (or she) can probably make
it do anything desired by that user.
If this is a workstation and users must have physical acc
Well,
Firstly if the environment is supposed to be a secure environment use
the systems bios to lock the keyboard, if that is not possible, require
a bios password at boot. You might also want to use lilo.
On Sat, 2003-01-25 at 01:44, camthompson wrote:
> consider this (I'm trying to mak
Probably the simplest thing to do is to add a password to grub. Edit
/boot/grub/grub.conf and add the line "password=yourpassword". Then don't
forget to set appropriate permissions on that file and probably
/etc/grub.conf so that random people can't just look up the password.
Good Luck,
-Jonatha
> Just wondering what others are doing to expand their security knowledge?
> I'm interested to hear what others are doing with some sort of test
> network or lab.
For a test 'lab/network', I like vmware. Not only does it save on hardware,
but it does make cleanup so much easier.
--
-
Or expulsion...for the students on the list.
-t
-Original Message-
From: Meritt James [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 22, 2003 8:27 AM
To: Shaw Kevin
Cc: [EMAIL PROTECTED]
Subject: careful! (was: Re: Security+
Be very, very careful. Not only do some businesses "
Be very, very careful. Not only do some businesses "not like", but it
is occasionally grounds for dismissal.
"Shaw, Kevin" wrote:
> However; don't do anything illegal in that process! Nobody
> takes kindly to having hacker tools running on their network.
--
James W. Meritt CISSP, CISA
Booz |
" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, January 09, 2003 4:59 AM
Subject: RE: Security+
> {long post warning}
>
> Mr. McCarthy, as well as the other responders, are very much right on the
> money here. If you have little to no experience you have to
ents direct or implied.]
-Original Message-
From: Jack McCarthy
Sent: Monday, January 06, 2003 1:32 PM
To: [EMAIL PROTECTED]
Subject: RE: Security+
I'm in a similar situation. I'm not a pro by a long shot, but here are some
things that have
helped me...at least get a bet
: Shaw, Kevin [mailto:[EMAIL PROTECTED]]
> Sent: January 8, 2003 21:00
> To: [EMAIL PROTECTED]
> Subject: RE: Security+
>
>
> {long post warning}
>
> Mr. McCarthy, as well as the other responders, are very much
> right on the
> money here. If you have little to
to the field.
Clement
> -Original Message-
> From: Lachlan McGill [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 08, 2003 4:10 PM
> To: 'Gedi'; [EMAIL PROTECTED]
> Subject: RE: Security+
>
>
> I suggest you look at something that does not req
anuary 09, 2003 5:34 AM
To: 'Gedi'
Cc: [EMAIL PROTECTED]
Subject: RE: Security+
Good day Gedi,
Security+ is targeted at individuals with 2 years of
experience, they
recommend that you have the level of knowledge of A+
or Network+, from
what I have read it seems that you really do.
I
recommendation.
Clement
[EMAIL PROTECTED]
http://www.securitytalks.com/forum/
The Leading Security Certification Hub
> -Original Message-
> From: Gedi [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 07, 2003 6:35 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Security+
I suggest you look at something that does not require industry experience
but is very reputable like GIAC certification. Go to www.giac.org.
-Original Message-
From: Gedi [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 7 January 2003 11:35 PM
To: [EMAIL PROTECTED]
Subject: RE: Security+
Hi
For the first two, yes. For CISSP you have to find another CISSP who is
willing to place his name next to yours on a recommendation and you have
to say that you have had it. For the second, you have to get people
that knew you were in those positions to furnish documentation to that
effect (HR, a
Hi all,
In addition to Simons original question, I too am
looking for security certs.
I currently have a Cisco CCNA and am on the road to
completing my degree in computers. However, due to
circumstances out of my control, I have never held a
job in the security industry. I am currently an
enginee
d so I end up with a general
knowledge of it, but can't do it to save my life.
-Original Message-
From: Jack McCarthy [mailto:[EMAIL PROTECTED]]
Sent: Mon 1/6/2003 12:31 PM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: Security+
vice
>
> mike heitz ** sr it manager ** UPSHOT
> 312-943-0900 x5190
>
> -Original Message-
> From: Kriss Warner [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, January 05, 2003 1:45 PM
> To: [EMAIL PROTECTED]; 'Security-Basics'
> Subject: RE: Security+
>
-
From: Mike Heitz [mailto:[EMAIL PROTECTED]]
Sent: 06 January 2003 16:05
To: Kriss Warner; [EMAIL PROTECTED]; Security-Basics
Subject: RE: Security+
I'm new to Security (just had it heaped on me after my last performance
review) and am interested in some Certs. I've heard mention of t
d trying the stuff out.
>
> So my question is, am I going to be way over my head looking into these
> certs? I have been an admin for Novell for 5 years, and have spent the
> last 3 years in an NT/2000 environment. I want to learn as much as
> possible, but really don't like u
Sunday, January 05, 2003 1:45 PM
To: [EMAIL PROTECTED]; 'Security-Basics'
Subject: RE: Security+
Hey Simon: I have been doing security work for the last couple of years
(Intrusion Detect, Policy compliance etc.) I did some investigation into
the various Certs and basically found th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> Has anybody done/looked at CompTIA's Security+ cert.
> Is it a good cert to get because I eventually want to get into
> security but at the moment I don't have the experience/cash to do
> the SANS or CISSP courses (plus the fact that SANS is offered
Mr. Taplin:
I would say that it could not hurt to do the Security+ certification. I
took the beta and found it to be a good basic security certification.
If you have not yet done any security work, you would not qualify for
the CISSP. You might qualify to take the SSCP exam, which requires "a
Hey Simon: I have been doing security work for the last couple of years
(Intrusion Detect, Policy compliance etc.) I did some investigation into
the various Certs and basically found that most people are looking for
CISSP. I wanted to get one Cert this year and it is going to be CISSP. I
understand
e, etc.).
Robert Escue
System Administrator
-Original Message-
From: Teodorski, Chris [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 20, 2002 2:35 PM
To: 'Escue, Robert S CONT (NETS)'
Subject: RE: Security clearance.
Imho I don't think it's a good idea to announce to
The link provided by Anthony Shayla has some good info and some real bad,
especially when discussing information concerning Top Secret clearances. As
someone who spent 10 years with one, you can be given a Top Secret clearance
and have no access to Top Secret information. This is called a "GENSUR"
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alex,
Here is a website that should be able to answer most if not all your
questions: www.dss.mil/psi/. The three basic main clearance levels are:
Top Secret, Secret, and Confidential. Bear in mind these are federal
clearance levels, as I don't know
2002-12-18T15:40:56 Zimin, Alex:
> Looks like personal security clearance is the "must have" for the
> security professionals.
Interesting. As far as I know, I've never met anyone with a
security clearance, and I've been working computer security for
financial services firms for about ten years.
l FBI office.
Alex
-Original Message-
From: Anthony, Shayla [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 19, 2002 10:17 AM
To: Zimin, Alex; [EMAIL PROTECTED]
Subject: RE: Security clearance.
http://www.jobcircle.com/career/coach/jf_2002_09.html
no links.. but good info
Alex,
Getting a security clearance is up to your employer, not you (if you are
talking about a Government security clearance). And this is dependent on
access and need to know as to what you would be cleared for.
If you are trying to apply for a Government position (Government Service) or
as a Go
Public sector providers/security professionals can make contact with one of their
local State Guard CERT and see what kind of partnerships can be worked out.
I'm on the CSIRT for the Missouri public sector backbone provider, and there's a Guard
CERT in my downstream. They've put in my applicati
I don't believe that you can just "get" clearance... I believe it has to be needed for
a job, i.e. company sponsored... and I believe it costs $ for the investigation
-Original Message-
From: Zimin, Alex [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 18, 2002 3:41 PM
To: [EMAI
www.dss.mil - they issue the clearance for the DOD. However, you have to have
justification for a clearance which usually requires a Contract # and this MUST be
issued by your Corporate Security Officer. For example, you can't come off the street
and get a clearance. Your company has to issue
http://www.jobcircle.com/career/coach/jf_2002_09.html
no links.. but good info
I wrote an article about some of the options and our own network
implementation of centralized logging:
http://rr.sans.org/casestudies/mixed_win.php
Hope it helps
Fred
-Original Message-
From: netsec novice [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 20, 2002 2:57 PM
To: [EMAIL P
Davin,
Some software may be ideal for some clients, however it may not be
ideal for others. My point is that the "best" software for the
"problem" really depends on who is going to purchase it and what they
need. I am not sure how other people on this list feel about this, but
my opinion