[Its-insec] Assignment for INSEC operations

[Kruse, Hans]

One of the project ITS is involved in is maintenance of NASA deep-space communications software. The source code is housed on a virtual machine in the ITS data center. The code is the property of various NASA centers, and we are required to keep it safe from unauthorized access. The software is also export controlled, which means we have a legal liability if we do not properly restrict access.

The server in question is https://inb.ocp.ohio.edu/ (132.235.67.10). The code management platform is a product called RedMine.  I need for you to do appropriate port scanning and penetration testing. You will need to select tools, run them against the server, and interpret results.

Note:
- I cannot give you credentials on the server, you will need to do all probing from the outside.
- The server should respond to SSH and web requests; the web server should only every return a home page with a login option for unauthenticated access.
- Your scanner and the server will be on the same side of the firewall, so you may find problems that (hopefully) will not be visible outside the lab. That is intentional, those flaws still need to be fixed.

You should plan on using the same workspace for collaboration as the analysis branch - see my previous message on that subject.

Hans Kruse, Professor and Director
J. Warren McClure School of Information and Telecommunication Systems
Adjunct Associate Professor of Electrical Engineering and Computer Science
367 Schoonover Center, Ohio University, Athens, OH, 45701
740-593-4891 voice, 740-593-4889 fax

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listserv.ohio.edu/pipermail/its-insec/attachments/20151009/8fa3a702/attachment.html