Less 'boot camp', more 'boot-up camp'
Systems administrator David Riebrandt's first hint that intruders had hacked the military network came from telltale electronic footprints. From the logs--electronic records of the information passed on the network--it quickly became evident that a server with gate-keeping control over different parts of the system was getting downright chatty with a foreign computer via the Internet. "I didn't know what the information meant," Riebrandt said. "I just knew that someone was talking to (the server). And it was talking back." Luckily he'll get a chance to learn from his mistakes--without grave consequences. The attackers weren't foreign-sponsored spies or hackers creeping through the Pentagon's computer systems, but a Department of Defense "red team" attempting to poke holes in a mock military network run by students of the Naval Postgraduate School here.
Hardening the nation's Internet defenses against cyberattack has been a goal long discussed in policy circles, but results have been slow in coming. The Clinton administration drafted the National Plan for Critical Infrastructure in 1999 and released it for public comment in 2000. Included in the plan were 10 steps that the government should take to defend important national infrastructure, including communications and the Internet, against attack.
Yet only in the past year have concrete steps been taken, including discussions of separate networks for intra-agency data, computer security scholarships in return for service, and budget increases. While not part of the National Plan, the Cyber-Defense Exercise does address one of the plan's 10 steps: training more security professionals.
The four-day exercise, which ended Thursday, pitted so-called blue teams of students from six different military academies against professional military red teams. The red teams are made up of government employees from the National Security Agency and soldiers from the U.S. Air Force's 92nd Information Warfare Aggressor Squadron and the Army's Land Information Warfare Activity.
News source: ZDnet News
View: Training the cyberwar troops
The 30 participants from the Naval Postgraduate School seemed to have done well. Aside from the primary domain controller whose security got cracked twice, the red teams were able to compromise only one other server. That was an unsecured backup system that wasn't supposed to be part of the exercise but had accidentally been left connected to the network during the 6 a.m. to 2 p.m. PDT attack window.
Early each morning, a student on the blue team had to show a white team referee that the network services were up and running. The white team, the "U.N. observers" of this particular exercise, were analysts from the Computer Emergency Response Team Coordination Center at Carnegie Mellon University (CERT). They would evaluate each side's claims of penetration and response. After proving the network was up, the blue team students had to keep their hands off the computers during the 6 a.m. to 2 p.m. attack window. Between noon and 2 p.m., they could watch what was happening but could not react. After 2 p.m., the group would then go to work, searching the network for evidence that the red team had gotten in.
Keeping each service up on the network--e-mail or FTP file access, for instance--granted the blue team points. But the red team could steal those points away by successfully compromising the service. Discovering the attack and responding would then be the blue team's only way to get points back.
