The truth is that incidents will happen and systems will get compromised. You need to be an expert at handling these incidents. The best way to learn is through experience, such as the Collegiate Cyber Defense Competition.
8. Cyber-Attacks!
•Hopefully, most of you can relate to several of these scenarios
•If you have not experienced anything, at least some of you are lying, misinformed, or new
•If you aren't worried about attacks, why are you here?
9. Truths
•Incidents will happen
•Systems will be compromised
•Applications need to both work and be secure
•People will break things
•You will need to be an expert on something you've never seen before
12. Practical
•Nothing beats practical experience
•How do you get practical experience?
  • Production systems
  • Personal equipment
  • Labs
  • Simulated production systems
13. Competitive Security Events
•Hands-on, practical experience
•Simulated production systems
•Types
  • Defense
  • Attack
  • Attack/Defend
15. Collegiate Cyber Defense Competition (CCDC)
•National Collegiate Cyber Security Competition
•Focuses on both business and technical aspects
16. Competition Structure
• Pre-qualifying (state) events
• Regional events
  • Growing every year
  • Winner goes to national competition
• National Competition
  • San Antonio, Texas
  • Top 9 teams in the nation
17. Competition Premise
• Competing teams have just been hired as the IT staff for a company
• Everyone was fired
• Teams must secure their network while completing a multitude of business tasks (injects)
• Red team = bad guys
18. What types of applications?
• DNS
• Mail (SMTP and POP)
• Web
• Secure Web (ecommerce)
• FTP
• Database
• SSH
• VoIP
19. What types of systems?
• Cisco IOS (Router, Switch, ASA)
• Windows
• Linux
• MacOS
• Printers
• VoIP Phones
• Wireless
20. Potential Injects - Technical
• Investigate a database breach
• Deploy McAfee security software
• Upgrade clients to Windows 7
• Provide a list of top attacking IPs
• Install and configure Splunk
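A worked example of answering the "top attacking IPs" inject, added here and not part of the original slides: it ranks external source addresses from constructed sshd and netfilter-style log lines covering the SSH, mail and FTP services listed above, skipping the team's own ranges (10.0.0.0/8 is an assumption) so internal hosts are not reported as attackers.

```python
import re
import ipaddress
from collections import Counter, defaultdict

# Constructed sample log lines (not from the slides): sshd failures and
# netfilter-style drops, as a team might pull from a Linux syslog.
SAMPLE_LOG = """\
Mar  1 10:01:02 web sshd[2213]: Failed password for root from 203.0.113.5 port 52144 ssh2
Mar  1 10:01:03 web sshd[2213]: Failed password for root from 203.0.113.5 port 52145 ssh2
Mar  1 10:01:04 web sshd[2214]: Failed password for invalid user admin from 198.51.100.7 port 40222 ssh2
Mar  1 10:02:10 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.10 PROTO=TCP DPT=25
Mar  1 10:02:11 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.10 PROTO=TCP DPT=110
Mar  1 10:02:12 fw kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.11 PROTO=TCP DPT=21
Mar  1 10:03:00 web sshd[2220]: Accepted password for sysadmin from 10.0.0.50 port 50100 ssh2
Mar  1 10:03:30 fw kernel: DROP IN=eth0 SRC=10.0.0.50 DST=10.0.0.10 PROTO=TCP DPT=22
"""

SSHD_FAIL = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port")
FW_DROP = re.compile(r"kernel: DROP .*SRC=(\S+) .*DPT=(\d+)")

def top_attackers(log_text, own_networks=("10.0.0.0/8",), limit=5):
    """Rank external source IPs by attack events: [(ip, total, {service: count})].
    Addresses inside own_networks (assumed team ranges) are skipped."""
    own = [ipaddress.ip_network(n) for n in own_networks]
    totals = Counter()
    per_service = defaultdict(Counter)
    for line in log_text.splitlines():
        m = SSHD_FAIL.search(line)
        if m:
            ip, service = m.group(1), "ssh"
        else:
            m = FW_DROP.search(line)
            if not m:
                continue  # accepted logins and unrelated lines are not attacks
            ip, service = m.group(1), "tcp/" + m.group(2)
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address: do not count it
        if any(addr in net for net in own):
            continue  # our own host, not an attacker
        totals[ip] += 1
        per_service[ip][service] += 1
    return [(ip, n, dict(per_service[ip])) for ip, n in totals.most_common(limit)]

if __name__ == "__main__":
    for ip, n, services in top_attackers(SAMPLE_LOG):
        print(f"{ip:16} {n:3} {services}")
```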
21. Potential Injects - Business
• Block social networking websites
• Develop an IT policy
• Create user accounts
• Recover lost e-mail
• Create a job description for HR
22. Potential Strategies - Day One
• Unplug everything, secure it, and bring it back online
  • Services are not available
  • Customers are not happy
• Mitigate security issues while keeping services alive
  • The red team is everywhere
• Run away, crying
23. Challenges
• Number of issues/systems/tasks greater than available manpower
• Unexpected difficulties/limitations/business rules and policies
• Uptime & SLA requirements
Based on Career Impact Survey of more than 2250 information security professionals conducted by (ISC)², the administrators of the CISSP certification.