Presentation is loading. Please wait.

Presentation is loading. Please wait.

March 20051 March 29, 2005 DCE Panel Members Dr. Drew Hamilton, Auburn University Rick Toliver, Teledyne Solutions Inc. Joe Popinski, Information Engineering.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "March 20051 March 29, 2005 DCE Panel Members Dr. Drew Hamilton, Auburn University Rick Toliver, Teledyne Solutions Inc. Joe Popinski, Information Engineering."— Presentation transcript:

1 March 20051 March 29, 2005 DCE Panel Members Dr. Drew Hamilton, Auburn University Rick Toliver, Teledyne Solutions Inc. Joe Popinski, Information Engineering Southeastern Software Engineering Conference 2005

2 March 20052

3 3 Committee and Judges Judges Dr. Drew Hamilton, Auburn University Dr. John Wu, Auburn University Don Reifer, Refier Consulting, Inc. DCE Committee Paul DePriest, IE Joe Popinski, IE Don Reifer, RCI Jason Bradford, RSA Rick Toliver, TSI SA Hale, TSI Eadie Warboys, TBE Del Hart, UAH Drew Hamilton, AU John Wu, AU Matt Pierce, Adtran Chris Stanford, TSI Lisa Rich, ASU George Starcher, Cinram

4 March 20054 DCE Overview Goal – Run a realistic exercise to educate the community on: –Best practices –Vulnerabilities –Technology Operational Scenario –Teams will be provided access to the network –Teams will not be supervised –Judges will roam once the exercise is underway –Teams will be scored –The team with the most points will be declared the “WINNER” Ground Rules Do not launch a Denial of Service attack Do not ARP-cache-poison our servers Do not install kernel level root kits on targets Do not connect to an external network (wired or wireless) Once you gain access, do not close the security hole Do not change passwords Do not attack your competitor’s machines No internet connectivity or tools will be provided No physical access to the target machines will be provided

5 March 20055 Scoring Guidelines GoalMax. points Map the target network by IP address, Operating System, and identify network services provided. 10 Add a Web page to Web Server in DMZ. Add link form existing home page.5 Add entry to the DNS tables and make new entries active5 Identify all user accounts on each machine1 per acct Identify all user passwords on each machine1 per password Identify Firewall configuration5 Obtain root shell on a target machine3 per machine* Create an account on a target machine3 per machine* Install “backdoor” software on target machine. Software must operate properly.5 per machine Find and identify the “Special Device” on the network20 Obtain “Golden” file from each target machineInstant Prize

6 March 20056 What it takes Equipment usage from sponsoring companies Volunteer time, hundreds of hours Planning well in advance Coordination with SE2 DCE Publicity with community Dedication by all involved Special Thanks to Cisco, Green Hills Software and Arxceo

7 March 20057 The Target System This was not your father’s network –Multiple networks –Layered defense Router/switch External web server DMZ Firewall Servers (Linux & Win) Golden Files Special Device (2) –Password protection –VLANs

8 March 20058 The Network

9 March 20059 Team #1 - Raiders of the Lost Arc – UAH Brooks Mattox, Roy Cole Team #2 – Athens State Combat Team Paul Koon, David Fitsimmons, Miroslav Sadilek Team # 3 – Auburn Orange Kevin Richard, Alan Hunt, Adam Hathcock, Daniel Kolenich Team #4 – Auburn Blue Will Fletcher, Dave Baxter, Bill Cleveland, Daniel Box The Participants

10 March 200510 Results Summary All day session The defensive team was in charge of the target network –Spent a lot of time and effort configuring, building and testing the system All of the participants: –Worked hard –Achieved the goals of the exercise –Learned a lot from each other –Had fun The results were: –Raiders of Lost Arc, first –Auburn Blue, second –Auburn Orange, third –Athens State, fourth Thanks go to many vendors for use of their equipment

11 March 200511 Winning Team with Judges

12 March 200512 Many Thanks Supporting Companies Judges –Dr. Drew Hamilton, Auburn University –Dr. John Wu, Auburn University –Don Reifer, RCI Participants

13 March 200513 Five Questions 1.What was learned about network vulnerabilities? If so, what vulnerabilities? 2.What did we learn about network protection technology and techniques? If so, what technologies and techniques were most applicable? 3.Did the DCE motivate us to shore up network security practices? If so, in what areas should effort be expended (intrusion detection, firewalls, etc.)?

14 March 200514 Panel Questions? 4.What lessons did we learn relative to conducting another DCE at next year’s conference? 5.What can we do to make the exercise more exciting next year (put up $, invite professionals, etc.)?

15 March 200515 Conclusions Hopefully, the exercise served to demonstrate that expertise in network security is needed by both government and private industry! Perhaps there are things that we can learn from the exercise Maybe, it’s time to embrace new ideas

Download ppt "March 20051 March 29, 2005 DCE Panel Members Dr. Drew Hamilton, Auburn University Rick Toliver, Teledyne Solutions Inc. Joe Popinski, Information Engineering."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.
IP Masquerading Homes and Businesses: When you only have one IP but you have LOTS of machines.

IP Masquerading Homes and Businesses: When you only have one IP but you have LOTS of machines.
Introduction To The Course Network Architecture Hervey Allen Chris Evans Phil Regnauld September 3 - 4, 2009 Santiago, Chile.

Introduction To The Course Network Architecture Hervey Allen Chris Evans Phil Regnauld September 3 - 4, 2009 Santiago, Chile.
Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.

IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
How topology decisions affect speed/availability/security/cost/etc. Network Topology.

How topology decisions affect speed/availability/security/cost/etc. Network Topology.
Firewall Configuration Strategies

Firewall Configuration Strategies
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Jonas Lippuner. Overview IPCop  Introduction  Network Structure  Services  Addons Installing IPCop on a SD card  Hardware  Installation.

Jonas Lippuner. Overview IPCop  Introduction  Network Structure  Services  Addons Installing IPCop on a SD card  Hardware  Installation.
Presented by Serge Kpan LTEC 4550.020 Network Systems Administration 1.

Presented by Serge Kpan LTEC Network Systems Administration 1.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.

Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0—5-1 111 © 2003, Cisco Systems, Inc. All rights reserved.

© 2003, Cisco Systems, Inc. All rights reserved. FWL 1.0— © 2003, Cisco Systems, Inc. All rights reserved.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

Similar presentations

Ads by Google