Presentation is loading. Please wait.

Presentation is loading. Please wait.

SEC.FAIL Information Security Defense Lab Setup. SEC.FAIL Instructions Each team will need to operate on a separate system profile. For the labs, you.

Similar presentations


Presentation on theme: "SEC.FAIL Information Security Defense Lab Setup. SEC.FAIL Instructions Each team will need to operate on a separate system profile. For the labs, you."— Presentation transcript:

1 SEC.FAIL Information Security Defense Lab Setup

2 SEC.FAIL Instructions Each team will need to operate on a separate system profile. For the labs, you will need to establish these profiles before the start of Level 0. Each system profile should include the following: A high level business description of what the system does, sufficient for the team to determine information classification based on business purpose. A list of computer assets, including basic information about the operating system and system software A network map of how these are interconnected and a disconnected connection to the central network A list of user names and passwords necessary to access all related infrastructure and systems A IP address space confinement so that the connected systems don’t conflict

3 SEC.FAIL Strengths and Weaknesses The purpose of the lab is for the teams to understand the risk profile of each system profile and learn how to protect it. They are similar in purpose, but not necessarily in mitigation techniques. Before game play starts, you need to understand each system profile and have a strategy for the following:  Identify critical assets and services that must be available to the common network.  Identify components for a protection strategy which can be leveraged by the teams given their level of skill  Identify weaknesses for a protection strategy which provide sufficient threat which can be mitigated Remember, the goal isn’t to create a system that is invulnerable nor to create an attack that can’t be mitigated. It is to craft workable attacks that can be mitigated, and assist the teams in discovering techniques to manage the risk. Each system profile must have a problem capable of being solved by your teams.

4 SEC.FAIL Sample System Profiles

5 SEC.FAIL System Profile “Alpha” Office Productivity / Common Office Environment Business Purpose  Provide common office environment for corporate users productivity software. System Profile  Windows 2012 R2 Domain Controller with DNS/DHCP  Windows 2012 R2 SharePoint 2013 Server with Embedded SQL  Windows 7 Client with Office 2012  pfSense Firewall To Be Protected  SharePoint site contains business confidential information  Internet Facing SharePoint Site Username: administrator@alpha.local Password: TurpidTulipA4392administrator@alpha.local

6 SEC.FAIL System Profile “Beta” Email / Common Office Environment Business Purpose  Provide common office environment for corporate email. System Profile  Windows 2012 R2 Domain Controller with DNS/DHCP  Windows 2012 R2 Exchange 2013  Windows 7 Client with Office 2012  pfSense Firewall To Be Protected  Exchange email box contains business confidential information  Internet facing SMTP/OWA services Username: administrator@beta.local Password: LucidLiceB4039administrator@beta.local

7 SEC.FAIL System Profile “Gamma” WordPress Blogging Site Business Purpose  Provide internet facing blog site System Profile  Ubuntu Linux 14.04.3 LTS Server LAMP Server with WordPress  Ubuntu Linux 14.04.3 LTS Server MySQL Server  Ubuntu 15.04 Workstation with Firefox  pfSense Firewall To Be Protected  Internet facing web page Username: administrator@gamma.local Password: ChillyCharlieG2093administrator@gamma.local

8 SEC.FAIL System Profile “Delta” Corporate Web Presence Business Purpose  Provide internet facing CRM customer web site System Profile  Ubuntu Linux 14.04.3 LTS Server LAMP Server with Sugar CRM  Ubuntu Linux 14.04.3 LTS Server MySQL Server  Ubuntu 15.04 Workstation with Firefox  pfSense Firewall To Be Protected  Internet facing web page Username: administrator@delta.local Password: DiceyDurgeD2912administrator@delta.local


Download ppt "SEC.FAIL Information Security Defense Lab Setup. SEC.FAIL Instructions Each team will need to operate on a separate system profile. For the labs, you."

Similar presentations


Ads by Google