NSA Takes On West Point In Security Exercise
Wired is running a story about a recent security exercise in which the NSA attacked networks set up by various US military academies. The Army's network scored the highest, put together using Linux and FreeBSD by cadets at West Point. Quoting:
"Even with a solid network design and passable software choices, there was an element of intuitiveness required to defend against the NSA, especially once it became clear the agency was using minor, and perhaps somewhat obvious, attacks to screen for sneakier, more serious ones. 'One of the challenges was when they see a scan, deciding if this is it, or if it's a cover,' says [instructor Eric] Dean. Spotting 'cover' attacks meant thinking like the NSA -- something Dean says the cadets did quite well. 'I was surprised at their creativity.' Legal limitations were a surprising obstacle to a realistic exercise. Ideally, the teams would be allowed to attack other schools' networks while also defending their own. But only the NSA, with its arsenal of waivers, loopholes, special authorizations (and heaven knows what else) is allowed to take down a U.S. network."
West Point Club (Score:2, Informative)
This isn't really an official extension of West Point, but rather a club at West Point known as SIGSAC.
The club's members every year get a chance to visit the NSA and see some rather interesting stuff, and so has a rather good relationship with the NSA in general.
The club itself operates out of West Point but has a network connection that isn't attached to West Point's network. It has actually participated in contests in the past as well with other schools/groups, so unless something's changed in the past couple years, that part of the summary is incorrect. If I had to wager a guess I'd say the focus of the group is just being directed purely at defensive measures, rather than actual attacks.
Re:Rootkit is payload... (Score:3, Informative)
Frankly, I was underwhelmed by the whole story. It was pretty clear the journo doesn't have a clue what was going on. Wired should be able to do better than that.
Re:What's with the fearmongering? (Score:5, Informative)
Under Secretary of Defense for Intelligence
* Defense Intelligence Agency
* Defense Security Service
* Counterintelligence Field Activity
* National Geospatial-Intelligence Agency
* National Reconnaissance Office
* National Security Agency
I was in the exercise... (Score:5, Informative)
As for the 'custom tools', I have no idea what they are talking about. We used native Windows logging and a few open source programs to pull logs to a log server, but that was about it for extra programs. I would agree that the article was written for the non-technical person, but those are the kinds of questions they were asking us when the reporter was here.
Re:Sysinternals? Windows? (Score:3, Informative)
Opposing Force Commander, Gen. Paul Van Riper, won.
He was not invited back.
Cadets do not learn, they just get to press the "refloat" icon.
http://www.nytimes.com/2008/01/12/washington/12navy.html?ex=1357794000&en=a4dbb42d5ad2a700&ei=5088&partner=rssnyt&emc=rss
"The sheer numbers involved overloaded their ability, both mentally and electronically, to handle the attack..."
ENDEX (Score:2, Informative)
IF Asked AND IF Unclassified, the agency/party MAY provide a copy of the ENDEX.
Contact the Academies, NSA, even the Departments of Defense, Army, Air Force, Navy.
ENDEXs have event logs, referee notes, exercise build and teardown plans...
Re:I was in the exercise... (Score:5, Informative)
The network directive given out to the academies had stipulations they had to follow, and a scenario that reflected real world situations (the cadets were setting up a network that included VMs of computers they HAD to include in their network). The network directive also had costs associated with anything the cadets wanted to do. So if they wanted to park a cadet at a Snort terminal for the duration of the exercise, that had a cost associated with it, as did setting up VLANs, using IPsec, other IDS sensors, firewalls, host/service monitors, etc. Each academy had to submit their network structure for review and approval prior to STARTEX. The scenario reflects real world situations that would come up in most operations that involve other allied nations.
The NSA was strictly there to attack the networks and document any exploits they succeeded with. I can't go into details as to what our Rules of Engagement were, but suffice to say that we met with success with every school that was actually scored (the two graduate schools that participated were not scored).
The whole goal of the exercise is to prepare the cadets for SECURING a network against information security threats. It is a DEFENSIVELY ORIENTED exercise. The cadets don't do any hacking (and I honestly think that unless a gifted or experienced cadet was at an academy with the skills to do a network penetration, they would not meet with much success).