Don’t Forget the Basics

A word of advice to CCDC teams across the country: it’s easy to get overwhelmed and wrapped up in the details of a CCDC competition, so don’t forget the basics of information security.  Sure, it is tempting to get neck-deep in that FreeBSD web server you’re building or to try to catch every little probe a Red Team sends at you.  I’m not saying don’t do those things; I’m saying don’t worry about those things if you haven’t taken care of the basics first.  Every CCDC event is different (that’s one of the great things about the program), so while there’s no magic set of procedures and processes that will win you any CCDC event, there are some tried and true security basics that will dramatically increase your chances of winning any CCDC event your team walks into.

  1. Change passwords.  On everything.  Seriously.  If it has an account and a login, you will probably want to change the password.  After years of running CCDC events, we still see teams going into the second or third day of an event with a default password on a router or an admin password that hasn’t been changed.  A weak or default password is like a giant blinking bull’s eye to a Red Team.  So when you take over a network, make changing passwords one of your first priorities.
  2. Secure the perimeter.  If your network is an open door, the Red Team will walk right into it.  Use network firewalls to block incoming connections and limit the services that can be reached from outside your network to the bare minimum.  There’s no reason TCP port 135 should be open to the entire world, so lock it down.  Don’t have a network firewall?  Then each host just became its own little island with its own perimeter.  Use host-based firewalls to do the same thing: limit access to services wherever you can.  It’s a good idea to limit access at both the network and the host level anyway, so that one misconfigured device doesn’t expose everything behind it.  You’re not being paranoid in this case; there really ARE people out to get you (well, your systems anyway).
  3. Remove/restrict unnecessary services.  If your server does not need a TFTP service running then turn it off.  Take note of what is required and then turn off any service you don’t absolutely need to address the competition scenarios.  Every service you can turn off or get rid of is one less service to worry about securing and one less target for the Red Team.
  4. Be prepared for contingencies.  Systems get wiped out at CCDC events.  Systems get taken away due to “hardware failures” or “natural disasters”.  So be prepared to restore content quickly if needed.  Make your own copies of critical content (configuration files, web content, database dumps) where you can; just make sure you store them in a secure manner, and test that you can actually restore from them before you need to.
  5. Read injects carefully.  Most injects will tell you what the judges expect to see in your answer.  If they suggest or specify a format, make sure you use it.  If the inject says list the patches applied to each system, be sure to list every system in your report.  Format and presentation matter too, so don’t ignore them, but if your inject response does not address the questions being asked of you then you will lose points no matter how pretty or well written your response is.

This is by no means a complete list – and it’s not meant to be.  It’s just a reminder that when the buzzer sounds and the keys start clicking, don’t forget to take care of the basics.
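
As an added example (not from the original newsletter), here is a small POSIX shell script that turns basics 1 through 3 into a quick host audit.  The /etc/passwd lines and the `ss -ltn` output it reads are constructed sample data standing in for the real commands, and the allowlist of ports (SSH and HTTP) is an assumption for the example.  It changes nothing on the host; it reports which accounts still need a new password, which listening ports are reachable from the network but not on your allowlist, and the host firewall rules that would enforce that allowlist.

```shell
#!/bin/sh
# Added example, not from the original newsletter: turn basics 1-3 into a
# quick host audit. Input is constructed sample data standing in for
# `cat /etc/passwd` and `ss -ltn` output; on a live host feed it the real
# commands. Nothing here changes the system: it prints what to fix.

# Constructed /etc/passwd lines (sample data, not a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
admin:x:1000:1000:Admin:/home/admin:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:1001:1001::/home/backup:/bin/sh'

# Constructed `ss -ltn` output (sample data). The header line is skipped
# because only lines whose first field is LISTEN are examined.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      5      0.0.0.0:135        0.0.0.0:*
LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# Basic 1: every account that can actually log in needs a new password.
# Accounts whose shell is nologin or false are left alone.
interactive_accounts() {
  printf '%s\n' "$1" | awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

# Basics 2 and 3: ports reachable from the network that are not on the
# allowlist. Loopback-only listeners are skipped; they are not a remote target.
unexpected_ports() {
  printf '%s\n' "$1" | awk -v allow="$2" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "LISTEN" {
      addr = $4
      if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next
      port = addr; sub(/.*:/, "", port)
      if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
    }'
}

# Basic 2: host firewall rules for the allowlist (printed, not applied).
# Accept rules come first and the DROP policy last, so running the output
# over an SSH session does not cut that session off.
firewall_rules() {
  echo 'iptables -A INPUT -i lo -j ACCEPT'
  echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  for p in $1; do
    echo "iptables -A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  echo 'iptables -P INPUT DROP'
}

# Allowlist is an assumption for the example: SSH for the team, HTTP for the
# scored web service.
ALLOW="22 80"

echo "== accounts that need a password change =="
interactive_accounts "$SAMPLE_PASSWD"
echo "== listening ports not on the allowlist (disable or block) =="
unexpected_ports "$SAMPLE_SS" "$ALLOW"
echo "== host firewall rules to review, then run as root =="
firewall_rules "$ALLOW"
```

On the sample data the script flags root, admin and backup for password changes, reports port 135 as the one unexpected network-facing listener (the MySQL listener on 127.0.0.1 is ignored), and prints five iptables commands.  Anything on the unexpected list is first a candidate for basic 3 (turn the service off); the firewall rules are the fallback for what has to stay.  On the FreeBSD box mentioned above the equivalents are `sockstat -4l` and pf rules, but the checklist is the same.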

“Free” SAN Solutions

Ever wanted to play with a Network Attached Storage device?  Is your team looking for some place to store files, images, injects, VMs?  Have an old desktop/server and a few drives lying around and nothing to do with them?  Consider building out your own.  While you can easily pick up some lower end storage appliances for less than $1,000, there are at least two software solutions that will allow you to build dedicated network storage using hardware you already have lying around: FreeNAS and Openfiler.  Both are network-attached storage operating systems that, in most cases, turn your existing hardware into a full-featured storage server supporting iSCSI, NFS, SMB, AFP, etc., and because they present block storage over iSCSI they fill the SAN role as well.  And you can get them for free.

FreeNAS (http://www.freenas.org/) is a free, open source, network-attached storage operating system based on FreeBSD that includes a web interface, command line interface, support for 10GigE devices, snapshots, replication, and so on.  The software is downloaded as an ISO that you then burn with your favorite burning software to create a bootable CD.  Openfiler (www.openfiler.com) is available in both free and paid versions, and includes a web interface, support for 10GigE devices, replication, and so on.  The software is available as an ISO as well as pre-built VMware and Xen virtual appliances.

Both products are fairly simple to install from their ISO versions.  Burn the CD, boot from it, and follow the prompts.  If you’ve ever installed an operating system, this process will be very familiar to you and you can have the basic system up and running in very little time.  The big question you’ll need to answer is what will you use your newly created SAN for?  Let’s face it, network storage is fun to play with but it can also be useful.  Here are some things to consider:

  • iSCSI target for ESX server:  Both products support the creation of iSCSI targets that can be used as datastores for ESX servers.  This is especially useful when storing many VMs or using VMs with multiple snapshots.
  • NFS:  Both products support NFS, which would give your team a network storage capability to share files, folders, and so on.  You can even share CD/DVD drives via NFS.
  • Directory Services:  You can configure your NAS to use authentication services such as LDAP or Active Directory, so team members get individual accounts and your injects, images and VMs are not sitting on a wide-open share.

Of course performance of your NAS is heavily dependent on the hardware you are using.  Neither solution is very CPU or memory intensive but performance for each is heavily influenced by the NICs and hard drives you are using.  The good news is that even with a single 7200 RPM SATA II or III drive and a gigabit NIC you can get acceptable performance out of either of these products.  And both options support capabilities such as NIC teaming to increase throughput.  So if you’re looking for a network storage solution to use in your CCDC preparation activities, consider giving FreeNAS and/or Openfiler a try.


NCCDC requires more than technical skills

While NCCDC is a cyber defense competition, there’s a critical skill set that is sometimes overlooked.  Teamwork!

Information technology people often prefer to work individually.  However, to be successful in this competition, team members must be able to communicate effectively with one another, especially in stressful situations.

Teamwork can make or break your performance in this competition.  A strong team sticks together and can make it through the roughest times.  As the stress kicks in, tempers flare and personality conflicts can occur.   A healthy team spirit is what keeps you in the game.

How do you build a strong team?

  • Define a common set of goals
  • Make sure everyone has a ‘team player’ attitude
  • Take part in regular team building activities to foster cohesion, and build trust and confidence amongst each other
  • Identify roles of each team member
  • Identify and respect team members’ strengths and weaknesses
  • Do not criticize or blame individuals
  • Be responsible and supportive

NCCDC is also an opportunity for companies to recruit individuals.  Representatives from each company will be observing teams during the competition.  One of the most important skills these companies want in a future employee is a team player.

New Alumni Profiles

CCDC attracts some of the best and brightest students from colleges and universities around the country.  Where do competitors go after graduation?  Pretty much anywhere they want to.  CCDC events provide excellent learning opportunities that help develop the skills and capabilities employers need.  Stop by and check out our Alumni profiles.  If you are a former student who has participated in CCDC events, moved on to a career, and would like to be included on our alumni page, send me an email expressing your interest.

NCSAM What’s going on in your community?

We are now at the end of National Cyber Security Awareness Month (NCSAM). What exactly is NCSAM? It is a coordinated effort of the National Cyber Security Alliance, the Department of Homeland Security (DHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). October 2011 marks the 8th year for the initiative, and the theme for the month is “Our Shared Responsibility”.  Each week focuses on a different critical cyber security issue; you can find out more about this on the DHS website: http://www.dhs.gov/files/programs/gc_1158611596104.shtm

There were a lot of things going on this month to raise awareness of cyber security among the many people who are not in the trenches of cyber security on a daily basis. I took a bit of time this week to see what a few of our sponsors and supporters have been doing within their communities to increase awareness around cyber security; you can see what I found below. Although there is a heightened focus on creating cyber security awareness this month, security is an ongoing issue and these are good resources to look back on as long as they are available.

 Deloitte: Deloitte’s Global Public Sector group interviewed cybersecurity specialists from around the world to gain insight on this cross-border issue. The resulting report, “Cybersecurity: Everybody’s imperative,” provides a global overview of cybersecurity culture and issues from various regions and emphasizes the need for a holistic and transnational solution involving more than technology. The report also suggests that government needs to do its part to encourage accountability and offer incentives for the private sector.

Ultimately, an effective cybersecurity program will have a positive impact on economies and governments around the world, which in turn should result in an increase of global commerce and better interaction between governments and those who are governed. More info: Cybersecurity: Everybody’s imperative

Northrop Grumman: On Oct. 22, Northrop Grumman showcased cybersecurity careers during the 2011 Engineering EXPO & Engineering College Fair presented by Chantilly High School and Chantilly Academy for Fairfax County Public School students in grades 7-12. Northrop Grumman’s Paul Seay, director, enterprise architecture and solutions, was keynote for the event and company cyber experts participated in career counseling sessions. Instructors from the Northrop Grumman Cyber Academy provided demonstrations and workshops that showed students how cyber attackers can take control of a computer and gain access to personal information. Northrop Grumman also featured CyberCIEGE, an interactive cyber defense game developed in partnership with Rivermind, LLC, in which students tested their network defense skills in a scenario that challenged their ability to configure and protect their networks. For more information on the Engineering EXPO, contact: Joan Ozdogan, EXPO Coordinator, at jeozdogan@fcps.edu.

Advancing discussion at a national level, Northrop Grumman will sponsor a Washington Post Live Event on Oct. 27 titled “Protecting our Nation’s Assets.” Open to participants nationwide, the live-streamed session will feature thought leaders from government and industry. For more information, go to: www.washingtonpostlive.com.

McAfee: National Cyber Security Alliance, McAfee and CyberSmart! Education Team Up to Bring Cybersecurity Learning Resources to K-12 Classrooms

National Cyber Security Alliance (NCSA) – a non-profit public-private partnership focused on cybersecurity awareness and education for all digital citizens – in partnership with McAfee and CyberSmart! Education, today released several resources for K-12 schools nationwide to teach students about the importance of security and online safety. These free, easy to use cybersecurity resources include posters, activities, and checklists to help students maintain good cybersecurity practices, and are being released as part of National Cyber Security Awareness Month activities in October.

These resources target two different K-12 audiences – Elementary/Middle School and Middle/High School. The classroom activities and accompanying posters can be found at http://www.staysafeonline.org/in-the-classroom/lessons-and-teaching-materials Additional classroom materials on cyber security are also available at http://www.staysafeonline.org/in-the-classroom.

Microsoft: Microsoft offers six foundational steps each of us can take to help protect our online safety, devices, information, and families as we learn, explore, and interact online. More info: National Cyber Security Awareness Month, Online Safety

Boeing: As part of Boeing’s support for National Cybersecurity Awareness Month, company leaders will offer insights into Boeing’s commitment to the cyber challenge on Boeing.com’s As We See It page each Monday: http://boeingblogs.com/bds/as-we-see-it/2011/10/inspiring-tomorrows-cyber-defenders.html

Digital Defense and Alamo ISSA:  Digital Defense, Inc. (DDI) is partnering with the Alamo ISSA (Information Systems Security Association) during National Cyber Security Awareness Month to provide community education forums at no cost to the public. DDI will host two of these informational sessions: http://www.prweb.com/releases/2011/10/prweb8872688.htm
  • Protecting Yourself Online – Wednesday, October 19th, 5:30 – 6:30 p.m.  This session is designed to highlight risks associated with online computer use, with real world examples and recommendations for testing and resolving computer security issues.
  • Child Safe – Thursday, October 20th, 5:30 – 6:30 p.m.  A program designed to educate parents and give them a place to learn about protecting themselves and their families from online threats, both as they exist today and where they are going tomorrow.


Panoply Results

The CIAS held its 2nd Panoply event on October 15, 2011. This competition has all the bells and whistles, literally. Red and blue flashing lights were connected to systems, and when a service was acquired they would go off along with a siren. There was also a remote-controlled Nerf gun that could be fired by any team that was able to compromise and control the system it resided on, and some other fun things. Six colleges, most from the San Antonio area, competed against each other in this invitation-only event. The colleges that participated were the University of Texas – San Antonio, St. Philip’s College, San Antonio College, Our Lady of the Lake University, Texas A&M – Corpus Christi and Texas A&M – San Antonio. Our Lady of the Lake and Texas A&M – Corpus Christi brought 2 teams each.

Congratulations to Texas A&M – Corpus Christi, whose two teams took 1st and 3rd place. They were successful in penetrating and maintaining services on several Virtual Machines.

Our 2nd place winner was the University of Texas – San Antonio. They also displayed exceptional skills in obtaining several VMs as well as taking control of our music computer, thus becoming the Panoply DJs.

The CIAS would also like to extend our thanks and gratitude to the other participants in this year’s event. We will be gathering feedback to improve and expand this event in anticipation of making it available on a national scale.



Building a virtual practice network

One of the challenges many CCDC teams face is finding enough power, space, and equipment to build out a practice network. To address this issue, teams are increasingly turning towards virtualization – which is a great solution for competition practice sessions. Virtualization gives teams the ability to build out practice servers, workstations, or entire networks using the same core equipment again and again. Virtualization gives teams the ability to reset images back to their original configuration quickly, save images in various states of modification, share images between team members, and re-use images over and over while testing different ways to solve an issue or find the fastest way of securing a given application or operating system. Sounds great, right? So how do you get started?

How you approach building out your virtualization capability will depend on what hardware you have available. If all you have available is a system with 2 GB of RAM then you’ll probably want to use a product like VMware Player (http://www.vmware.com/products/player/). VMware Player is free and allows you to create and run virtual machines on your Windows or Linux system. If your resources are limited, you may only be able to run one virtual machine at a time, but VMware Player will give you the ability to create and practice with 32- and 64-bit Windows and Linux operating systems without wiping out and reloading your system every time you want to switch OSes. If you have a powerful system with plenty of RAM you can even run multiple virtual machines at the same time. Virtual machines created with Player are portable as well: you can copy a virtual machine and hand it to a team member to practice with, and you can upload images built with Player to a dedicated hypervisor like VMware’s ESXi. If you have a number of machines with limited resources you can still build a practice network of systems; just run VMware Player on multiple machines simultaneously.

If you have a spare server lying around, you can create a dedicated virtual machine server. The ideal candidate has one or more multi-core processors, 4 GB or more of RAM (the more the better), and at least several hundred gigabytes of storage. In general, the more memory you have available the more virtual machines you can run simultaneously, but you’ll be more satisfied with the performance if you give each virtual machine access to at least a gigabyte of RAM and only run 3 or 4 virtual machines per core. For example, if you have a quad core system with 16 GB of RAM you can probably get away with running 12 to 16 virtual machines at the same time, so long as you’re not running an AV scan or patching all the systems at the exact same time. Once you’ve located your hardware you need to select a hypervisor, the virtual machine manager that will let you create, run, and manage multiple virtual machines on a single hardware platform. There are several free hypervisors to choose from, including VMware’s ESXi (vSphere Hypervisor http://www.vmware.com/products/vsphere-hypervisor/overview.html), the Xen hypervisor (http://xen.org/), VirtualBox (https://www.virtualbox.org/), and Microsoft® Hyper-V™ Server 2008 R2 (http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=3512). Be sure to check the hardware requirements and compatibility lists before you choose a hypervisor, and feel free to experiment; just because your hardware isn’t “officially approved” doesn’t mean it won’t run that hypervisor with a little tweaking.

Once you’ve built out your virtualization capability – start building virtual machines and practicing. Be sure and check out the Virtual Appliance repository at http://www.vmware.com/appliances/. There you can find pre-built virtual machines with everything from servers to firewalls to PBXs.

CyberPatriot Registration Closes in Less than a Week

Registration for National High School Cyber Security Competition Closes in Less than a Week. Full article: http://pop.to/8la1

With less than a week left before registration closes, CyberPatriot IV, the National High School Cyber Defense Competition, has more than 850 teams registered!   This competition has grown quite a bit this past year and now includes teams from across the nation. Curious if any of them are in your area? You can check out a listing of the participants here:

CyberPatriot IV Registration.pdf


CyberPatriot IV

The fourth annual CyberPatriot competition, the National High School Cyber Defense Competition, is coming up.  The competition is open to all high schools, accredited home school programs, Civil Air Patrol units, and Junior ROTC units around the United States.

Competitors learn how to defend and protect computer systems from cyber threats and potential hackers. This program provides students hands-on learning about technology, teamwork, leadership and critical-thinking.

The first CyberPatriot competition consisted of eight teams from the state of Florida.  Today over 700 teams are competing; representing 46 states, Puerto Rico and U.S. DoD Schools located around the world.

The finals will be held in March 2012 in Washington D.C.  The competition has two divisions – Open Division (all non-JROTC high schools) and an All Service Division (JROTC).

CyberPatriot III Open Division winner was Red Bank Regional High School from Little Silver, New Jersey and All Service Division winner was Orlando Cadet Squadron from Orlando, Florida.

Not only is this a great inspiration for our youth to become the cyber defenders of tomorrow, but this is a great breeding ground for future CCDC teams!

More information can be found at http://www.uscyberpatriot.org/.

Panoply Is Right Around the Corner

On October 15, 2011, the NCCDC organizers will be holding Panoply for the second year at the Airport Hilton. Panoply is an event that complements the NCCDC. The primary goal for teams is to obtain resources that reside in a virtual cloud and secure them from the other competitors while maintaining their functionality.

For example, Team A may discover a Virtual Machine that is running on a Windows Server 2003 platform and is configured to be a DNS server. Team A may use any legal strategy to gain access to the VM and input their unique team string. In this case, Team A must create a reverse lookup entry so that a DNS query for the IP address 1.1.1.1 answers with their team string. The organizers would then do a reverse lookup for the IP address 1.1.1.1. If the team is successful, the result should read “Name: (Team A’s String)  Address: 1.1.1.1”.
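
What that reverse lookup entry actually is, as an added example that is not from the Panoply organizers or the original article: a PTR record whose owner name is the IP address with its octets reversed under in-addr.arpa.  The script below derives the owner name and the reverse zone from an address and emits the record in BIND zone-file syntax, which is used here only for illustration; on the Windows Server 2003 DNS server in the scenario the same record is added as a PTR record in the 1.1.1.in-addr.arpa reverse lookup zone.  The team string `teamA-string` is a placeholder.

```shell
#!/bin/sh
# Added example (not from the Panoply organizers): build the reverse-lookup
# (PTR) record a team would need for the 1.1.1.1 check described above, and
# show which zone it belongs in. The team string is a placeholder.

# Reverse an IPv4 address into its in-addr.arpa owner name.
# 1.1.1.1 -> 1.1.1.1.in-addr.arpa ; 192.0.2.10 -> 10.2.0.192.in-addr.arpa
ptr_name() {
  printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# The zone that holds PTR records for a /24 is named after the first three
# octets, reversed: 1.1.1.1 lives in the zone 1.1.1.in-addr.arpa.
ptr_zone() {
  printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Emit a BIND-style PTR record: owner name, TTL, class, type, target.
# The trailing dot on the target makes the team string a fully qualified
# name instead of having the zone origin appended to it.
ptr_record() {
  ip=$1; team_string=$2
  printf '%s\t3600\tIN\tPTR\t%s.\n' "$(ptr_name "$ip")" "$team_string"
}

# The record that makes "nslookup 1.1.1.1" answer with the team string
# (teamA-string is a placeholder; Panoply hands each team its real string).
echo "zone: $(ptr_zone 1.1.1.1)"
ptr_record 1.1.1.1 teamA-string
```

Once the record is in place on the target DNS server, `nslookup 1.1.1.1 <server>` or `dig -x 1.1.1.1 @<server> +short` should return the team string; the same lookup run against the server before and after the change is also the quickest way to see whether another team has overwritten your entry.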

More information about Panoply can be found here: http://www.cyberpanoply.com/

The first Panoply event was met with positive feedback. This year’s event will have close to 30 VMs. Along with the virtual targets, there will also be fun challenges where teams can compete for bonus points.

Although this might be considered the “fun” competition, it stresses several important factors that future IT professionals should know about: assessments, security, and maintaining critical services with minimum downtime.