Friday, October 03, 2008

 

ICE

(backposting) I won a wooden katana (martial arts sword) today, for "Best Defense" over the 3 days. Tonight I stepped back and tried to help coordinate the attempts of the two new team captains, offering help as required. It was great fun, and I learnt lots and lots. I'm really, really chuffed with the katana. I was really impressed with the guys from White Wolf Security, and there was also a Lieut-Col from the US Air Force who was observing for all three days: they seem to be taking a major interest in the whole area. Much credit to Fortinet, whose firewalls we used, and, of course, Larry and Paul from PaulDotCom, whose podcast I need to start catching.



Thursday, October 02, 2008

 

More training, more hackery

(backposting) I've been very impressed with my SANS course, which is 506: Security Unix/Linux. And it's been useful on the ICE II exercise, which I took part in again today. This time we had more defenders (there were more attackers, too!), and George (a guy on another of the courses) and I took a team of defenders each. We thought we got completely hosed, but at the de-brief afterwards, it was interesting to discover that we'd been in better shape than we thought. It's easy to panic, and we did, particularly at the beginning.



Wednesday, October 01, 2008

 

Hacking games

(backposting) This evening, I took part in ICE II, which is a "cyber exercise". Two teams of 8-15 each. One team (the defenders) gets given a network that they need to keep the other team (the attackers) out of. Before they enter their respective rooms, neither has seen the network or what's on it. The attackers get access to a bunch of tools: the defenders have to make do with what's on the (old, and generally very exploitable) systems they're looking after. And when I say old, I'm talking Windows 2000 and more. A mix of Linux and Windows, a SCADA (power) box, a couple of VOIP phones, an IP camera and a PABX box (running Asterisk).

I ended up leading the defender team. We got lots of help from a Larry Pesce from PaulDotCom, but then again, the attackers had lots of help from Paul Asadoorian (also from PaulDotCom). Both sides did well: we managed better than I thought we had. Lots of credit to everyone on the defenders team, and also to the folks who set it up.

I ended up with a Wi-spy. Geek-a-rama.

All very useful indeed in understanding how threats play out: the scenario basically tries to put you in the place of an incident team parachuted (metaphorically) into a NOC (Network Operations Centre) which is under (virtual) siege from malicious attackers.


