TDI’s penetration testing services for NASA revealed & minimized their cyber risks and provided them with information assurance.

TDI performed penetration testing services for the National Aeronautic and Space Administration (NASA) to reveal any risks that might cause system downtime or service interruption, and to subsequently minimize these risks. TDI’s expertise was brought to bear to understand that the location of firewalls and routers, the operating systems, the configuration of servers and clients, network connections, and hardware and software that reside on NASA’s networks all contribute to determining weaknesses.

By mimicking hackers and thus using their techniques, TDI personnel demonstrated the true state of the target’s security posture with penetration testing. Though we use automated tools for some of the more commonplace and documented vulnerabilities, we took a more manual approach to test the latest vulnerabilities that are particular to the target network configuration.

Our penetration tests were accomplished through a variety of techniques and tools to illustrate susceptible components of cybersecurity defenses, such as:

  • Port Scanning: systematically scanning ports of relevant servers. TDI identified open ports and open services that reflect security infrastructure vulnerabilities.
  • Denial of Service (DoS): characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. TDI assessed the level of susceptibility to these attacks. We evaluated potential vulnerability to DoS. TDI did NOT actually launch DoS attacks or exploitations.
  • Password Cracking: any program that can decrypt passwords or otherwise disable password protection. TDI used tools such as L0phtcrack and rainbow tables to illustrate poor user password protection and other password vulnerabilities.
  • Spoofing: the ability to forge one’s source address; the act of using one machine to impersonate another. TDI used this method to illustrate the strength of firewall configurations. In addition, we used methods and techniques known as “firewalking” to assess inadvertent firewall mis-configurations.
  • Buffer Overflows: TDI tested vulnerabilities with respect to buffer overflows.

Our penetration testing efforts included discovering the identities of systems, mapping the ports and services on those systems, enumerating them, and using various strategies to intrude upon those systems.

From 2004, TDI supported NASA in its need to address cybersecurity holes in its networks. Our expertise has allowed NASA to continue focusing on its mission while allowing TDI to provide NASA with information assurance. Our continued support of NASA, for many years, with specific requests for our personnel’s expertise, is a clear indicator of our successful delivery to this symbolic institution of ingenuity and technological advancement.

Testimonials

Don’t take it from us, hear what our clients have to say about TDI

“TDI’s approach to Managed Cybersecurity Performance (MCP) has been a game changer for us. We now have added visibility and insight to better understand risk and the ROI (return on investment) we’re receiving from our other security provider. Our security program continues to mature and we’re able to maintain continuous compliance. MCP gives me one less thing to worry about and frankly makes my job easier.””
Johnny Yang
Director Information Security & Compliance
“TDI always provides top notch personnel that meet or exceed the requirements of the contract. Their deliverables, reports, and technical aptitude are bar none. We will continue to hire TDI … they always come through for us and our end customers.”
Emilio Gonzalez
Joint Strike Fighter Program Manager
“[TDI Employee] You are the Man !! Thanks so much for the quick turn around.”
W.A. Harrison
USAJOBS Program Office Deputy Program Director
“The most appealing part of the engagement was the development of the 10-year strategic security plan for our mutual client. The quality of the thinking and input into the deliverables was exceptional.”
Bruce Gnatowski
Director Verizon Global Services
“On behalf of MCSC, PdM TFITS, Manpower Team, I would like to express our appreciation for the excellence in leadership & teamwork demonstrated by [TDI Staff] over the past 18 months. Her role as a lead IA professional was carried out in a manner above and beyond expectations.”
Beverly Walker
USMC Manpower Branch Manager
“Highly skilled and knows their work. . . exceptional at task preparation & reduced time to perform tasks by 90%. TDI brings quality & care to the table. Lots of companies have good people, but TDI employees really care about the work they do & the collective customers we support.”
Deron Burba
Smithsonian CIO
“TDI and its staff provided high quality testing engagements followed up by concise easy to understand reports. They clearly showed adherence to tasks schedule and offer adequate frequency of client/customer interaction resulting in a very satisfied customer.”
Carla Little-Kopach
Chief, DARPA SSO BPA
“TDI has proven an invaluable asset to the mission of the CTO…have strengthened the overall IA posture of the DEA Enterprise…and continues to further innovate and provide solutions that help sharpen the overriding information technology goals and mission of the Office of the CTO.”
Mark Shafernich
CTO, DEA

Related Case Studies

All Case Studies
The IMF Identifies monetary risk globally. TDI ID’ed cyber risk for the IMF

Across internal systems, public facing applications, networks, and mobile devices, TDI has provided risk and vulnerability assessment services to scores of the IMF’s IT assets.
Monster calls on TDI to support its cyber requirements and scare away risk

As Monster’s cybersecurity partner for over a decade, TDI helped Monster navigate the difficult waters of Federal compliance by conducting A&A & other cyber efforts delivering roadmaps to protection
We’ve fortified Smithsonian’s cyber for the better part of 2 decades

Our engineers have been embedded at Smithsonian longer than much of their own staff & we appreciate this honor & their trust to provide A&A, pen testing, training, business continuity, & more.

nSights Report


X