Game Mark Shtern. Game Objectives Secure your infrastructure using IDS, application firewalls, or honeypots Plant your flag on opponent’s machine Prevent.

Slides:



Advertisements
Similar presentations
Incident Response Managing Security at Microsoft Published: April 2004.
Advertisements

CN Objectives of the course To build and maintain a UNIX-based Network Systems & Servers Install Linux, fine tune the system, enable required server,
Vulnerability Analysis. Formal verification Formally (mathematically) prove certain characteristics Proves the absence of flaws in a program or design.
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Network Security and its Impact on Network Continuity.
Web Server Administration TEC 236 Securing the Web Environment.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Practical Training of Information Security Masahito Gotaishi, R & D Initiative, Chuo Universty.
Rochester Institute of Technology Secure IT 2007 Security Auditing Course Development Rochester Institute of Technology Yin Pan
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
Profile-Based Web Intrusion Prevention System by Donovan Thorpe CS526 Fall 2002.
ICS 324 Students Marks and Grades
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
SWAMI Threats, vulnerabilities & safeguards in a World of Ambient Intelligence David Wright Trilateral Research & Consulting 21 March 2006.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Part 2- An IT Auditing Framework
Brad Baker CS526 May 7 th, /7/ Project goals 2. Test Environment 3. The Problem 4. Some Solutions 5. ModSecurity Overview 6. ModSecurity.
Web Server Administration Chapter 10 Securing the Web Environment.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
Information Systems Security Operations Security Domain #9.
Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.
Ethical Hacking of Wireless Routers Faizan Zahid CS-340 Nida Noor CS-378.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Endian Firewall Community Edition Roy Hickman Technology Director Peck Community Schools #
FORESEC Academy FORESEC Academy Security Essentials (III)
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Basic Security Networking for Home and Small Businesses – Chapter 8.
AASSA Conference 2012 Quito, Ecuador March 16 th 2012 All the rights reserved.Instructor: Francisco Bolaños, Ing. InterAmerican Academy Ethical Hacking.
CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.
GCSC August Backup Exec Critical Vulnerability Cannot offer tcp/6101, tcp/6106 & tcp/10000 to offsite Will be scanning from offsite soon Strongly.
File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.
Preparing For The Strategic Security CTF
Research Report Summary CIS Benchmark Security Configurations Eliminate 80 – 90 % of Known Operating System Vulnerabilities Bert Miuccio
Mark Shtern.  Secure your infrastructure using IDS, application firewalls, or honeypots  Plant your flag on opponent’s machine  Prevent intruders from.
Intrusion Detection System (IDS). What Is Intrusion Detection Intrusion Detection is the process of identifying and responding to malicious activity targeted.
Definition s a set of actions taken to prevent or minimize adverse consequences to assets an entity of importance a weakness in the security system to.
Mark Shtern.  Our life depends on computer systems  Traffic control  Banking  Medical equipment  Internet  Social networks  Growing number of.
Intro to Network Security. Vocabulary Vulnerability Weakness that can be compromised Threat A method to exploit a vulnerability Attack Use of one or more.
NEXT GENERATION ATTACKS & EXPLOIT MITIGATIONS TECHNIQUES ID No: 1071 Name: Karthik GK ID: College: Sathyabama university.
Filip Chytrý Everyone of you in here can help us improve online security....
Definition s a set of actions taken to prevent or minimize adverse consequences to assets an entity of importance a weakness in the security system to.
Vulnerability Analysis Dr. X. Computer system Design Implementation Maintenance Operation.
Huntsville City School Board
CSCE 548 Student Presentation By Manasa Suthram
Working at a Small-to-Medium Business or ISP – Chapter 8
A Comprehensive Security Assessment of the Westminster College Unix Lab Jacob Shodd.
Secure Software Confidentiality Integrity Data Security Authentication
CompTIA Security+ Study Guide (SY0-501)
Internet Service Provider Attack Scenario
LINUX SECURITY Dongmei Wu ID: /25/00.
امنیت اطلاعات و ضرورت آن
Security Essentials for Small Businesses
Lesson 16-Windows NT Security Issues
Identity & Access Management
Virtual Patching “A security policy enforcement layer which prevents the exploitation of a known vulnerability”
Game Mark Shtern.
This is a typical Windows user desktop
Game Mark Shtern.
Machine Learning Course.
Networking for Home and Small Businesses – Chapter 8
Game Mark Shtern.
Intrusion Detection system
G. Noubir College of Computer and Information Science
Networking for Home and Small Businesses – Chapter 8
Intrusion.
Networking for Home and Small Businesses – Chapter 8
Using a Nessus Scanner on a
IP Addresses & Ports IP Addresses – identify a device on a network
Presentation transcript:

Game Mark Shtern

Game Objectives Secure your infrastructure using IDS, application firewalls, or honeypots Plant your flag on opponent’s machine Prevent intruders from planting their flag Identify intrusions Remove your opponents’ flag Discover your opponents’ password hashes and brute force them

Game Rules You are not allowed to configure any network firewalls (yours or an opponent’s) You are not allowed to configure intrusion prevention You are allowed to kill any process that belongs to an intruder You are allowed to change your opponent’s passwords

Scoring Plant/Find Backdoor 5 Plant a flag that is not discovered 20 Catch intrusion 10 Change an opponent’s password 10 Take ownership of an opponent’s complete infrastructure 40 Lose control of a Windows workstation -5 Lose control of a Linux workstation -10 Lose control of a DC -20

PROJECT PENETRATION TESTING Mark Shtern

Project penetration testing Project presentation on Friday, March 23 3 questions for presenter Review other projects’ design Find security design flaws and vulnerabilities in other projects Post discovered flaws on the course forum Confirm / deny posted flaws of your project

Scoring QA phase – Discover vulnerability 5 (-5) – Discover vulnerability and exploit it 10 (-10) – Discover design flaws 20 (-20) – Deny posted flaws 10 (-10) – Unanswered post -5 (5) Presentation – Discover security problem in Q&A session 10 (-10) – Unanswered/Unprepared/Irrelevant questions -10 (10)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.