1 / 8

Game

Game. Mark Shtern. Game Objectives. Secure your infrastructure using IDS, application firewalls, or honeypots Plant your flag on opponent’s machine Prevent intruders from planting their flag Remove your opponents’ flag Identify intrusions

rcanavan
Download Presentation

Game

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Game Mark Shtern

  2. Game Objectives • Secure your infrastructure using IDS, application firewalls, or honeypots • Plant your flag on opponent’s machine • Prevent intruders from planting their flag • Remove your opponents’ flag • Identify intrusions • Discover your opponents’ password hashes and brute force them

  3. Game Rules • You are not allowed to configure any network firewalls (yours or an opponent’s) • You are not allowed to configure intrusion prevention • You are allowed to kill any process that belongs to an intruder • You are allowed to change your opponent’s passwords

  4. Environment • Deploy IT services • Telnet • Domain controller • DHCP • Web Server • Network File Sharing • Open at least 3 ports on each Linux workstations • Create at least 3 user accounts in each Linux/Windows workstation

  5. Scoring • Plant/Find Backdoor 5 • Plant a flag 20 • Catch intrusion 10 • Change an opponent’s password 10 • Take ownership of an opponent’s complete infrastructure 40 • Lose control of a Windows workstation -5 • Lose control of a Linux workstation -10 • Lose control of a DC -20

  6. PROJECT PENETRATION TESTING Mark Shtern

  7. Project penetration testing • Project presentation (10 minutes) on Wednesday, March 26 • 5 question for presenter • Review other projects’ design • Find security design flaws and vulnerabilities in other projects • Post discovered flaws on the course forum • Confirm / deny posted flaws of your project

  8. Scoring • Presentation • Discover security problem in Q&A session 10 (-10) • Unanswered/Unprepared/Irrelevant questions -10 (10) • QA phase • Discover vulnerability 5 (-5) • Discover vulnerability and exploit it 10 (-10) • Discover design flaws 20 (-20) • Deny posted flaws 10 (-10) • Unanswered post -5 (5)

More Related