Re: Initial Security assesment for a large university - what to ask?

Hi,

This totally depends on the administrattion standard the team follows. Some quick pointers could be,

1. The username and passwords as you mentioned
2.  Documented configurations of every  router and server.
3. The last update reports of the all the systems on the network like the antivirus, patch update, router ios
updates etc.
4. Detailed network design diagram will be very critical. That will give you the present status of the
setup. Ensure nothing is missed in the network diagram.
5. List of profiles that are created on the each of the systems for the admin team.
6. The cron jobs or any schedulers that are running on the netwrok for a specific task. 
6. Handholding from key players in the IT team to the new guys on board.
7. Details and SLA's with third party vendors. Especially the vendors that give remote support.
 
Etc.

-
Taufiq
www.niiconsulting.com


Sent from BlackBerry® - Vodafone

-----Original Message-----
From: Camilo Olea <colea <at> sunset.com.mx>
Date: Wed, 31 Mar 2010 11:40:17 
To: <security-basics <at> securityfocus.com>
Subject: Initial Security assesment for a large university - what to ask?

Dear friends,