
IT430 Information Assurance


Presentation Transcript


    1. IT430 Information Assurance, Lesson 14: Cyber Defense Exercise

    2. Why Exercise?
       - Prepare for the "Enemy" in a controlled environment
       - See how technology, policy and people hold up under stress
       - Fix problems

    3. Why should you care?
       - CJCS policy, Jun 05: every Joint Exercise must include IA
       - Navy NETWARCOM: operate the Global Information Grid as a weapon system

    4. IA Exercises
       - Goals
       - Planning
       - Execution
       - Lessons Learned

    5. The People
       - Planners
       - White Cell: referees with the script
       - Trusted Agents: let in on a part of the script
       - Red Cell: aggressors
       - Participants

    6. Cyber Defense Exercise Goals
       - Enhance IA curriculum
       - Hands-on defensive IA
       - Realistic environment
       - IA decisions under heightened threat

    7. Cyber Defense Exercise Planning
       - NSA – White Cell
       - Academy Faculty – Trusted Agents
       - Academy Students – Participants
       - Starts 6 months prior
       - Senior-level support
       - Logistics
       - Funding
       - Exercise events to meet goals

    8. Execution
       - 4-day exercise
       - Directive spells out do's and don'ts
       - Measured tasks (IA Model):
         - Operations – keeping the network up
         - Security
         - Reporting

    9. The CDX Scenario

    10. Required Configuration
       - Domain Controller: W2k3 (Windows Server 2003)
       - E-Mail: MS Exchange
       - Web Server: Fedora Core 2
       - File Server: FC2 and Samba
       - Clients: XP

    11. Required Configuration (diagram)

    12. USAFA: Network Architecture (diagram)

    13. USAFA: Web Server Defacement
       The US Air Force Academy:
       - Winner of CDX 2006
       - Root compromise of web server
       Attack progression (from Red Cell Blog):
       - 10:30 – RT begins scanning the USAFA network. They identify 7 boxes.
       - 15:30 – RT uses "apache module" backdoor to gain non-root access to webserver (secondary)
       - 15:45 – RT gains root access on webserver
       - 15:50 – RT copies shadow file from webserver, cracks passwords
       - 16:05 – RT has full control of the webserver
       - NEXT DAY, 10:30 – USAFA pulls webserver offline

    14. USNA: Network Architecture (diagram)

    15. USNA: A Balancing Act
       The US Naval Academy:
       - Great command structure
       - Team management, organization
       - Task prioritization key to network defense

    16. USMA: Network Architecture (diagram)

    17. USMA: A Complex Network
       The US Military Academy:
       - Complex
       - Well designed
       - 1 router left insecure
       Attack progression (from Red Cell Blog):
       - 10:28 – Scan started by RT
       - 10:29 – Scan revealed that 10.1.100.251 was a Cisco device with a web interface
       - 12:34 – RT got level 15 access to the router .251 using the default password. RT creates a username and password (for continued access).
       - 13:37 – Router enable password changed to battl3ship. Telnet enabled and the prompt message changed to "GO_NAVY_BEAT_ARMY".

    18. 9 Most Exploited Vulnerabilities
       Patches:
         1. Microsoft Windows LSASS Buffer Overflow Vulnerability
         2. Microsoft DCOM
       Passwords:
         3. Use of the LM Hash
         4. Use of Weak Passwords
         5. Use of the Same Password on Multiple Systems
       Policy:
         6. Microsoft Windows Default Administrative Shares
         7. Rich Text Format / HTML Email
         8. Access to System Executables
         9. Use of Unnecessary Services / Accounts

    19. Student Best Practices
       1. Know the network and keep it simple
       2. Deny-by-default policy
       3. Remove unnecessary services, software and user accounts
       4. Plan for contingencies
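The password and policy items on slide 18 and the deny-by-default and "remove unnecessary services" practices on slide 19 are the kind of thing a blue team can check with a script before the red cell arrives. The audit below is an added example, not code from the IT430 slides or the CDX: it runs a deny-by-default allowlist over a constructed host inventory loosely modelled on slide 10's required configuration and flags LM-hash storage, known-weak passwords, password reuse across systems, default administrative shares, and unnecessary services or accounts. Host names, roles, the allowlists, the weak-password list and the sha256 stand-in for credential hashes are all assumptions made for the example.

```python
"""Configuration audit for the password and policy findings of slides 18 and 19.

Added example, not from the IT430 slides: host inventory, allowlists and hashes
are constructed. sha256 stands in for the real credential hash format.
"""
import hashlib
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    item: int      # item number from the "9 Most Exploited Vulnerabilities" slide
    detail: str


@dataclass
class Host:
    name: str
    role: str
    services: set           # services observed running on the host
    accounts: dict          # account name -> password hash (constructed)
    lm_hash_stored: bool    # LM hashes still kept for local accounts
    admin_shares: bool      # default administrative shares (C$, ADMIN$) enabled


# Deny by default (slide 19, item 2): a service or account not listed here is
# treated as unnecessary (slide 18, item 9). The role allowlists are assumptions.
ALLOWED_SERVICES = {
    "dc":   {"dns", "kerberos", "ldap", "smb"},
    "mail": {"smtp", "imap", "https"},
    "web":  {"http", "https", "ssh"},
    "file": {"smb", "ssh"},
}
ALLOWED_ACCOUNTS = {"administrator", "svc_backup"}


def pw_hash(password: str) -> str:
    """Stand-in credential hash; a real audit would compare NT hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed known-weak list (slide 18, item 4): compared by hash, so the
# audit never needs plaintext passwords from the inventory.
WEAK_HASHES = {pw_hash(p) for p in ("password", "Password1", "admin", "cisco", "123456")}


def audit(hosts):
    """Return one Finding per violated item, across all hosts."""
    findings = []
    seen = defaultdict(set)   # hash -> {(host, account)} for reuse detection (item 5)
    for h in hosts:
        if h.lm_hash_stored:
            findings.append(Finding(h.name, 3, "LM hashes stored; disable LM hash storage"))
        if h.admin_shares:
            findings.append(Finding(h.name, 6, "default administrative shares enabled"))
        for acct, digest in h.accounts.items():
            seen[digest].add((h.name, acct))
            if digest in WEAK_HASHES:
                findings.append(Finding(h.name, 4, f"account {acct!r} uses a known-weak password"))
            if acct not in ALLOWED_ACCOUNTS:
                findings.append(Finding(h.name, 9, f"unnecessary account {acct!r}"))
        for svc in sorted(h.services - ALLOWED_SERVICES.get(h.role, set())):
            findings.append(Finding(h.name, 9, f"unnecessary service {svc!r} for role {h.role!r}"))
    # Item 5: the same credential hash appearing on more than one system.
    for digest, users in seen.items():
        systems = {host for host, _ in users}
        if len(systems) > 1:
            for host, acct in sorted(users):
                findings.append(Finding(host, 5, f"password of {acct!r} reused on {len(systems)} systems"))
    return findings


def by_item(findings):
    """Count findings per slide-18 item number."""
    return dict(Counter(f.item for f in findings))


# Constructed inventory loosely following slide 10's required configuration.
SAMPLE_HOSTS = [
    Host("dc01", "dc", {"dns", "kerberos", "ldap", "smb"},
         {"administrator": pw_hash("Tr0ub4dor&3-dc"), "svc_backup": pw_hash("Corr3ct-H0rse-B4ttery")},
         lm_hash_stored=True, admin_shares=True),
    Host("mail01", "mail", {"smtp", "imap", "https", "telnet"},
         {"administrator": pw_hash("Tr0ub4dor&3-dc"), "testuser": pw_hash("Password1")},
         lm_hash_stored=False, admin_shares=False),
    Host("web01", "web", {"http", "https", "ssh"},
         {"administrator": pw_hash("w3b-0nly-Passphrase")},
         lm_hash_stored=False, admin_shares=False),
]


if __name__ == "__main__":
    for f in audit(SAMPLE_HOSTS):
        print(f"{f.host:7} item {f.item}: {f.detail}")
```

On the constructed inventory the audit reports seven findings: the domain controller still stores LM hashes and exposes default administrative shares, the mail server runs telnet and carries a test account with a known-weak password, and the administrator password is shared between the two Windows hosts. The web server, which matches its role allowlist, produces nothing, which is the point of a deny-by-default list: the report is only as long as the deviations from the plan.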
