NSA Takes On West Point In Security Exercise 140
Wired is running a story about a recent security exercise in which the NSA attacked networks set up by various US military academies. The Army's network scored the highest, put together using Linux and FreeBSD by cadets at West Point. Quoting:
"Even with a solid network design and passable software choices, there was an element of intuitiveness required to defend against the NSA, especially once it became clear the agency was using minor, and perhaps somewhat obvious, attacks to screen for sneakier, more serious ones. 'One of the challenges was when they see a scan, deciding if this is it, or if it's a cover,' says [instructor Eric] Dean. Spotting 'cover' attacks meant thinking like the NSA -- something Dean says the cadets did quite well. 'I was surprised at their creativity.' Legal limitations were a surprising obstacle to a realistic exercise. Ideally, the teams would be allowed to attack other schools' networks while also defending their own. But only the NSA, with its arsenal of waivers, loopholes, special authorizations (and heaven knows what else) is allowed to take down a U.S. network."
Re:Fantastic (Score:5, Insightful)
Re:Fantastic (Score:1, Insightful)
Oh please, they all say that - the USNA, USAFA, even the USCGA. Not to mention that MIT, Stanford, Carnegie Melon, et al contend that they get the best of the best. I have worked with managers and engineers that graduated from various military academies; other than an inflated sense of patriotism and an intolerance for dissent, these people are no different from any other college.
As a former Marine, I have had to contend with more than one arrogant "ring knocker".
The military officer is the last of the elitist blue-bloods left in American society. The military NCO is the last of the true patriots that somehow just find a way to get it done.
There is no cleaning a rootkit (Score:4, Insightful)
When you detect malware installed on your system, wipe and reinstall. Always! There is no "cleaning".
Probably wasn't possible given the parameters of the test, but they tried to clean a rootkit and got the predictable result.
Re:More details, anybody? (Score:4, Insightful)
Re:Fantastic (Score:4, Insightful)
Which trainees? (Score:3, Insightful)
Re:You have to understand (Score:3, Insightful)
Re:Register the Trainees (Score:3, Insightful)
The military has been graduating experts in the "black arts"* since the inception of organized militaries. Guys who know basic hand to hand combat, firearms skills. Advanced soldiers learn even more technical and lethal combat skills. I'm not saying that every soldier is a killing machine, but that is what they train for. Black hat network uber hacker on the "outside" a real threat? As veterans, aren't they already sort of registered? They've got their DNA on file. What more do you want from those who have served? Constant loyalty tests?
Good network security shouldn't be through obscurity, so even the "black hats" should know as much as the "white hats".
*I using the term "black arts" hear to refer to all those things which are generally forbidden except when in a war zone, killing, breaking things, etc. I won't bore you with a list. Granted, the killing is supposed to be reserved for combatants.