1. IT430 Information Assurance Lesson 14 Cyber Defense Exercise
2. Why Exercise?
Prepare for the “Enemy” in a controlled environment
See how technology, policy, people hold up under stress
Fix problems
3. Why should you care?
CJCS policy Jun 05
Every Joint Exercise Must Include IA
Navy NETWARCOM
Operate the Global Information Grid as a Weapon System
4. IA Exercises
Goals
Planning
Execution
Lessons Learned
5. The People
Planners
White Cell
Referees with the script
Trusted Agents
Let in on a part of the script
Red Cell
Aggressors
Participants
6. Cyber Defense Exercise Goals
Enhance IA Curriculum
Hands on Defensive IA
Realistic Environment
IA Decisions in Heightened Threat
7. Cyber Defense Exercise Planning
NSA – White Cell
Academy Faculty – Trusted Agents
Academy Students – Participants
Starts 6 months prior
Senior Level Support
Logistics
Funding
Exercise Events to meet goals
8. Execution
4-Day Exercise
Directive spells out Do’s and Don’ts
Measured Tasks (IA Model)
Operations – Keeping the network up
Security
Reporting
9. The CDX Scenario
10. Required Configuration
Domain Controller – W2k3
E-Mail – MS Exchange
Web Server – Fedora Core 2
File Server – FC2 and Samba
Clients – XP
11. Required Configuration
12. USAFA: Network Architecture
13. USAFA: Web Server Defacement
The US Air Force Academy:
- Winner of CDX 2006
- Root compromise of Web Server
Attack Progression: (from Red Cell Blog)
10:30 - RT Begins scanning the USAFA Network. They identify 7 boxes.
15:30 - RT uses "apache module" backdoor to gain non-root access to webserver (secondary)
15:45 - RT gains root access on webserver
15:50 - RT copies shadow file from webserver, cracks passwords
16:05 - RT has full control of the webserver.
- NEXT DAY -
10:30 - USAFA pulls Webserver offline
14. USNA: Network Architecture
15. USNA: A Balancing Act
The US Naval Academy:
- Great command structure, team management, organization.
- Task prioritization key to network defense.
16. USMA: Network Architecture
17. USMA: A Complex Network
The US Military Academy:
- Complex
- Well Designed
- 1 Router left insecure
Attack Progression: (from Red Cell Blog)
10:28 - Scan started by RT
10:29 - Scan revealed that 10.1.100.251 was a Cisco device with a Web Interface.
12:34 - RT got level 15 access to the router .251 using the default password. RT creates a username and password (for continued access).
13:37 - Router enable password changed to battl3ship. Telnet enabled and the prompt message changed to “GO_NAVY_BEAT_ARMY”.
18. 9 Most Exploited Vulnerabilities
Patches:
1. Microsoft Windows LSASS Buffer Overflow Vulnerability
2. Microsoft DCOM
Passwords:
3. Use of the LM Hash
4. Use of Weak Passwords
5. Use of the same password on Multiple Systems
Policy:
6. Microsoft Windows Default Administrative Shares
7. Rich Text Format / HTML Email
8. Access to System Executables
9. Use of Unnecessary Services / Accounts
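As an added defender-side example (not from the lesson or the exercise materials), a small audit for items 3 through 5 above, run over constructed pwdump-style hash dumps from several hosts: it flags accounts that still store an LM hash, NT hashes that match two well-known weak passwords, and the same hash appearing on more than one system. Host names, usernames and every hash other than the empty-LM marker and the two weak NT hashes are made up for the example.

```python
from collections import defaultdict

# LM field written when no LM hash is stored (LM disabled or password
# longer than 14 characters); standard constant of the LM format.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"

# NT hashes of two well-known weak passwords: the empty password and "password".
KNOWN_WEAK_NT = {
    "31d6cfe0d16ae931b73c59d7e0c089c0": "<empty>",
    "8846f7eaee8fb117ad06bdd830b7586c": "password",
}

# Constructed pwdump-style dumps (user:rid:lmhash:nthash:::), one per host.
# All hashes except the two weak NT hashes and EMPTY_LM are invented.
DUMPS = {
    "dc": [
        "Administrator:500:1122334455667788aabbccddeeff0011:8846f7eaee8fb117ad06bdd830b7586c:::",
        "svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::",
    ],
    "mail": [
        "Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::",
        "Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::",
    ],
    "client1": [
        "Administrator:500:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210:::",
        "svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::",
    ],
}

def parse_dump(lines):
    """Yield (user, lm, nt) from pwdump lines; malformed lines are skipped."""
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue
        yield parts[0], parts[2].lower(), parts[3].lower()

def audit(dumps):
    """Return a sorted list of (check, host, user) findings across all hosts."""
    findings = set()
    seen = defaultdict(set)                     # nt hash -> {(host, user)}
    for host, lines in dumps.items():
        for user, lm, nt in parse_dump(lines):
            if lm != EMPTY_LM:                  # item 3: LM hash still stored
                findings.add(("lm_hash_stored", host, user))
            if nt in KNOWN_WEAK_NT:             # item 4: known weak password
                findings.add(("weak_password", host, user))
            seen[nt].add((host, user))
    for where in seen.values():                 # item 5: same secret on >1 host
        if len({h for h, _ in where}) > 1:
            for host, user in where:
                findings.add(("reused_across_hosts", host, user))
    return sorted(findings)
```

Run `audit(DUMPS)` to list the findings; on the constructed data it reports the LM hash on the domain controller, the reused Administrator and svc_backup secrets, and the three weak-password accounts.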
19. Student Best Practices
1. Know the Network and Keep it Simple
2. Deny by Default Policy
3. Remove Unnecessary Services, Software, User Accounts
4. Plan for Contingencies