Game Mark Shtern.

Slides:

Advertisements

Similar presentations

CN Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,

Advertisements

Configuring Windows to run Dr.Web scanner remotely.

Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Windows 2003 Server. Windows 2003 Server Contents Fitur Windows 2003 Server Installation And Configuration Windows Management Resource  User Management.

Csci5931 Web Security1 Case Study: A Forensic Lesson for Web Security (MSS, part one)

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Network Security and its Impact on Network Continuity.

Web Server Administration TEC 236 Securing the Web Environment.

Rochester Institute of Technology Secure IT 2007 Security Auditing Course Development Rochester Institute of Technology Yin Pan

Profile-Based Web Intrusion Prevention System by Donovan Thorpe CS526 Fall 2002.

TCP/IP Networking 09/10 Lab Exercises RULES OF THE GAME.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Part 2- An IT Auditing Framework

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

Web Server Administration Chapter 10 Securing the Web Environment.

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.

Security Testing Case Study 360logica Software Testing Services.

Section 10: Security CSIS 479R Fall 1999 “Network +” George D. Hickman, CNI, CNE.

© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Endian Firewall Community Edition Roy Hickman Technology Director Peck Community Schools #

AASSA Conference 2012 Quito, Ecuador March 16 th 2012 All the rights reserved.Instructor: Francisco Bolaños, Ing. InterAmerican Academy Ethical Hacking.

Intrusion Detection (ID) Intrusion detection is the ART of detecting inappropriate, incorrect, or anomalous activity There are two methods of doing ID.

CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.

I-Hack’08 International Hacking Competition “Details”

Labs. Session 1 Lab: Designing Network Infrastructure in Windows Server 2008 Exercise 1: Preparing for a Network Infrastructure Design Exercise 2: Designing.

GCSC August Backup Exec Critical Vulnerability Cannot offer tcp/6101, tcp/6106 & tcp/10000 to offsite Will be scanning from offsite soon Strongly.

1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.

Chapter 8 Configuring and Managing Shared Folder Security.

Research Report Summary CIS Benchmark Security Configurations Eliminate 80 – 90 % of Known Operating System Vulnerabilities Bert Miuccio

INFORMATION SECURITY UNIX & DB2. Introduction THE OBJECTIVE IS TO DESIGN SECURITY MEASURES FOR A MILITARY SYSTEM SYSTEM RUNNING A DB2 SERVER ON UNIX FOCUS.

Mark Shtern.  Secure your infrastructure using IDS, application firewalls, or honeypots  Plant your flag on opponent’s machine  Prevent intruders from.

Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.

Game Mark Shtern. Game Objectives Secure your infrastructure using IDS, application firewalls, or honeypots Plant your flag on opponent’s machine Prevent.

Computer Security Status Update FOCUS Meeting, 28 March 2002 Denise Heagerty, CERN Computer Security Officer.

Configuring, Managing and Maintaining Windows Server® 2008 Servers Course 6419A.

Mark Shtern.  Our life depends on computer systems  Traffic control  Banking  Medical equipment  Internet  Social networks  Growing number of.

Intro to Network Security. Vocabulary Vulnerability Weakness that can be compromised Threat A method to exploit a vulnerability Attack Use of one or more.

IS 4506 Windows NTFS and IIS Security Features.  Overview Windows NTFS Server security Internet Information Server security features Securing communication.

Microsoft Installing & Configuring Windows Server Exam Questions Answers Powered By:

Chapter 14.  Upon completion of this chapter, you should be able to:  Identify different types of Intrusion Detection Systems and Prevention Systems.

Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation.

25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.

CSCE 548 Student Presentation By Manasa Suthram

Fortinet NSE8 Exam Do You Want To Pass In First Attempt.

Working at a Small-to-Medium Business or ISP – Chapter 8

Employee clicks on fake

Secure Software Confidentiality Integrity Data Security Authentication

VceTests VCE Test Dumps

NTC 324 RANK Lessons in Excellence-- ntc324rank.com.

NTC 324 RANK Perfect Education/ ntc324rank.com.

NTC 324 RANK Education for Service-- ntc324rank.com.

Information Security Session October 24, 2005

ISMS Information Security Management System

Security Essentials for Small Businesses

Lesson 16-Windows NT Security Issues

Identity & Access Management

Game Mark Shtern.

This is a typical Windows user desktop

Game Mark Shtern.

Security through Group Policy

Network hardening Chapter 14.

Presentation transcript:

Game Mark Shtern

Game Objectives Secure your infrastructure using IDS, application firewalls, or honeypots Plant your flag on opponent’s machine Prevent intruders from planting their flag Remove your opponents’ flag Identify intrusions Discover your opponents’ password hashes and brute force them The flag is signed file. Students cannot recreate flag.

Game Rules You are not allowed to configure any network firewalls (yours or an opponent’s) You are not allowed to configure intrusion prevention You are allowed to kill any process that belongs to an intruder You are allowed to change your opponent’s passwords

Environment Deploy IT services Telnet Domain controller DHCP Web Server Network File Sharing Open at least 3 ports on each Linux workstations Create at least 3 user accounts in each Linux/Windows workstation

Scoring Plant/Find Backdoor 5 Plant a flag 20 Catch intrusion 10 Change an opponent’s password 10 Take ownership of an opponent’s complete infrastructure 40 Lose control of a Windows workstation -5 Lose control of a Linux workstation -10 Lose control of a DC -20

PROJECT PENETRATION TESTING Mark Shtern

Project penetration testing Project presentation (10 minutes) on Wednesday, March 26 5 question for presenter Review other projects’ design Find security design flaws and vulnerabilities in other projects Post discovered flaws on the course forum Confirm / deny posted flaws of your project

Scoring Presentation -10 (10) QA phase Discover security problem in Q&A session 10 (-10) Unanswered/Unprepared/Irrelevant questions -10 (10) QA phase Discover vulnerability 5 (-5) Discover vulnerability and exploit it 10 (-10) Discover design flaws 20 (-20) Deny posted flaws 10 (-10) Unanswered post -5 (5)