Competitive Cyber Security

Post on 23-Jun-2015

DESCRIPTION

The truth is that incidents will happen and systems will get compromised. You need to be an expert on how to handle these incidents. The best way to learn is through experience, such as the Collegiate Cyber Defense Competition.

Transcript

Tom Kopchak

Competitive Cyber Security: The Ultimate Training Experience

•Who Am I?

•Why Am I here, and what got me here?

•Why am I passionate about computer security?

About the Presenter - Who am I?

How many of you have experienced a cyber-attack?

System intrusion?

Malware Infestation?

Rushed project?

Mysterious network?

•Hopefully, most of you can relate to several of these scenarios

•If you have not experienced anything, at least some of you are lying, misinformed, or new

•If you aren't worried about attacks, why are you here?

Cyber-Attacks!

•Incidents will happen

•Systems will be compromised

•Applications need to both work and be secure

•People will break things

•You will need to be an expert on something you've never seen before

Truths

Top Skills

•Fundamental understanding of security concepts

•Technical skills

•Direct experience

•Personal experience/on your own

•Technology-specific training

•Formal education

How do I get skills?

•Nothing beats practical experience

•How do you get practical experience?

•Production systems

•Personal equipment

•Labs

•Simulated production systems

Practical

•Hands on, practical experience

•Simulated Production systems

•Types

•Defense

•Attack

•Attack/Defend

Competitive Security Events

Collegiate Cyber Defense Competition (CCDC)

•National Collegiate Cyber Security Competition

•Focuses on both business and technical aspects

Collegiate Cyber Defense Competition (CCDC)

• Pre-qualifying (state) events

• Regional events

• Growing every year

• Winner goes to national competition

• National Competition

• San Antonio, Texas

• Top 9 teams in the nation

Competition Structure

• Competing teams have just been hired as the IT staff for a company

• Everyone was fired

• Teams must secure their network, while completing a multitude of business tasks (injects)

• Red team = bad guys

Competition Premise

• DNS

• Mail (SMTP and POP)

• Web

• Secure Web (ecommerce)

• FTP

• Database

• SSH

• VoIP

What types of applications?

• Cisco IOS (Router, Switch, ASA)

• Windows

• Linux

• MacOS

• Printers

• VoIP Phones

• Wireless

What types of systems?

• Investigate a database breach

• Deploy McAfee security software

• Upgrade clients to Windows 7

• Provide a list of top attacking IPs

• Install and configure Splunk

Potential Injects - Technical

• Block social networking websites

• Develop an IT policy

• Create user accounts

• Recover lost e-mail

• Create a job description for HR

Potential Injects - Business

• Unplug everything, secure it, and bring it back online

• Services are not available

• Customers are not happy

• Mitigate security issues while keeping services alive

• The red team is everywhere

• Run away, crying

Potential Strategies – Day One

• Number of issues/systems/tasks greater than available manpower

• Unexpected difficulties/limitations/business rules and policies

• Uptime & SLA requirements

Challenges

EMC Training Center: Franklin, Massachusetts

Topology – 2011 Regionals

Topology – 2011 Nationals

San Antonio, Texas

•Storytime with Tom (time permitting)

•CCDC experiences

•Red team attacks

•Strange tasks

Personal Experiences

•CCDC = NCAA of Computer Security

•US Cyber Challenge

•Private Events

• RIT Information Technology Talent Search (ISTS)

• Hurricane Labs Hackademic Challenge

• Hack for Hunger

But wait, there's more!

•Many opportunities/needs exist

•Gain experience yourself, and help others get involved

Get involved, and encourage others!

Wrap Up/QA