Tom Kopchak
Competitive Cyber Security: The Ultimate Training Experience
Jun 23, 2015
About the Presenter - Who am I?
• Who am I?
• Why am I here, and what got me here?
• Why am I passionate about computer security?
Cyber-Attacks!
How many of you have experienced a cyber-attack?
• System intrusion?
• Malware infestation?
• Rushed project?
• Mysterious network?
• Hopefully, most of you can relate to several of these scenarios
• If you have not experienced anything, at least some of you are lying, misinformed, or new
• If you aren't worried about attacks, why are you here?
Truths
• Incidents will happen
• Systems will be compromised
• Applications need to both work and be secure
• People will break things
• You will need to be an expert on something you've never seen before
How do I get skills?
Top Skills
• Fundamental understanding of security concepts
• Technical skills
• Direct experience
• Personal experience/on your own
• Technology-specific training
• Formal education
Practical
• Nothing beats practical experience
• How do you get practical experience?
  • Production systems
  • Personal equipment
  • Labs
  • Simulated production systems
Competitive Security Events
• Hands-on, practical experience
• Simulated production systems
• Types
  • Defense
  • Attack
  • Attack/Defend
Collegiate Cyber Defense Competition (CCDC)
• National Collegiate Cyber Security Competition
• Focuses on both business and technical aspects
Competition Structure
• Pre-qualifying (state) events
• Regional events
  • Growing every year
  • Winner goes to national competition
• National Competition
  • San Antonio, Texas
  • Top 9 teams in the nation
Competition Premise
• Competing teams have just been hired as the IT staff for a company
• Everyone else was fired
• Teams must secure their network while completing a multitude of business tasks (injects)
• Red team = bad guys
What types of applications?
• DNS
• Mail (SMTP and POP)
• Web
• Secure Web (ecommerce)
• FTP
• Database
• SSH
• VoIP
What types of systems?
• Cisco IOS (Router, Switch, ASA)
• Windows
• Linux
• MacOS
• Printers
• VoIP Phones
• Wireless
Potential Injects - Technical
• Investigate a database breach
• Deploy McAfee security software
• Upgrade clients to Windows 7
• Provide a list of top attacking IPs
• Install and configure Splunk
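The "Provide a list of top attacking IPs" inject is typical of what a blue team has to turn around quickly from whatever logs it has. The script below is an added example written for this page, not material from the talk or from CCDC. It assumes an iptables-style firewall LOG format (the SRC/DST/DPT tokens), constructs a handful of sample lines inline, and ranks external sources by blocked connection count while setting aside hits from the team's own address space (assumed here to be 10.0.0.0/8) so they do not pollute the answer. Malformed lines are skipped rather than allowed to abort the report.

```python
"""Tally the most active external source addresses in firewall log lines.

Added example for the "Provide a list of top attacking IPs" inject; it is
not from the talk. The log format (iptables-style LOG lines) and the sample
lines are constructed for this example.
"""
import ipaddress
import re
from collections import Counter

# iptables LOG records carry key=value tokens; only SRC, DST and DPT are needed.
# Assumption: the kernel log line format shown in SAMPLE_LOG below.
TOKEN_RE = re.compile(r"\b(SRC|DST|DPT)=(\S+)")

# Constructed sample input. Three external hosts probe the web and SSH
# ports; one internal address appears because of a misconfigured scanner,
# and one line carries no firewall fields at all.
SAMPLE_LOG = """\
Jun 23 09:00:01 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=203.0.113.5 DST=10.0.0.20 PROTO=TCP SPT=51023 DPT=22
Jun 23 09:00:02 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=203.0.113.5 DST=10.0.0.20 PROTO=TCP SPT=51024 DPT=22
Jun 23 09:00:03 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=198.51.100.77 DST=10.0.0.80 PROTO=TCP SPT=40000 DPT=80
Jun 23 09:00:04 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=203.0.113.5 DST=10.0.0.80 PROTO=TCP SPT=51025 DPT=443
Jun 23 09:00:05 fw kernel: [FW-DROP] IN=eth1 OUT= SRC=10.0.0.99 DST=10.0.0.20 PROTO=TCP SPT=33000 DPT=22
Jun 23 09:00:06 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=198.51.100.77 DST=10.0.0.80 PROTO=TCP SPT=40001 DPT=443
Jun 23 09:00:07 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=192.0.2.9 DST=10.0.0.25 PROTO=TCP SPT=20000 DPT=25
Jun 23 09:00:08 fw kernel: this line has no firewall fields and must be skipped
"""

# Address space assumed to belong to the competition team itself; hits from
# here are not "attacking IPs" for the inject and are reported separately.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def parse_line(line):
    """Return (src, dst, dport) for a firewall LOG line, or None if absent."""
    fields = dict(TOKEN_RE.findall(line))
    if not all(key in fields for key in ("SRC", "DST", "DPT")):
        return None
    try:
        src = ipaddress.ip_address(fields["SRC"])
        dport = int(fields["DPT"])
    except ValueError:
        return None  # malformed address or port: skip rather than crash the report
    return src, fields["DST"], dport


def is_internal(addr):
    """True when the address falls inside the team's own network ranges."""
    return any(addr in net for net in INTERNAL_NETS)


def top_attackers(log_text, limit=3):
    """Rank external source IPs by blocked connection count.

    Returns (ranked, internal_hits): ranked is a list of
    (ip_string, hit_count, sorted_target_ports) tuples, most active first;
    internal_hits is how many records were set aside as internal traffic.
    """
    hits = Counter()
    ports = {}
    internal_hits = 0
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, _dst, dport = parsed
        if is_internal(src):
            internal_hits += 1
            continue
        key = str(src)
        hits[key] += 1
        ports.setdefault(key, set()).add(dport)
    ranked = [(ip, n, sorted(ports[ip])) for ip, n in hits.most_common(limit)]
    return ranked, internal_hits


if __name__ == "__main__":
    ranked, internal = top_attackers(SAMPLE_LOG)
    for ip, n, dports in ranked:
        print(f"{ip:16} {n:4} hits  ports={dports}")
    print(f"({internal} hits from internal addresses not counted)")
```

Reporting the target ports alongside the counts turns a bare IP list into something the inject's recipient can act on (which service is under pressure), and keeping the internal tally visible makes a misconfigured in-house scanner obvious instead of silently hiding it.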
Potential Injects - Business
• Block social networking websites
• Develop an IT policy
• Create user accounts
• Recover lost e-mail
• Create a job description for HR
Potential Strategies – Day One
• Unplug everything, secure it, and bring it back online
  • Services are not available
  • Customers are not happy
• Mitigate security issues while keeping services alive
  • The red team is everywhere
• Run away, crying
Challenges
• Number of issues/systems/tasks greater than available manpower
• Unexpected difficulties/limitations/business rules and policies
• Uptime & SLA requirements
Topology – 2011 Regionals (EMC Training Center: Franklin, Massachusetts)
Topology – 2011 Nationals (San Antonio, Texas)
Personal Experiences
• Storytime with Tom (time permitting)
• CCDC experiences
• Red team attacks
• Strange tasks
But wait, there's more!
• CCDC = NCAA of Computer Security
• US Cyber Challenge
• Private Events
  • RIT Information Security Talent Search (ISTS)
  • Hurricane Labs Hackademic Challenge
  • Hack for Hunger
Get involved, and encourage others!
• Many opportunities/needs exist
• Gain experience yourself, and help others get involved
Wrap Up/QA