Pacific rim collegiate cyber defense competition
Pacific Rim Collegiate Cyber Defense Competition

CCDC Team

Lee VanGundy, Nate Krussel, Theora Rice, Morgan Weir, Scott Amack, Jason Fletcher, Maxine Major, Travis Marquis


Overview

  • Competition

    • When

    • How it works

  • Competition Plan

    • Beginning

    • During the Competition

  • Individual Presentations

    • CCDC Team


PRCCDC

  • March 23 & 24, 2013

  • Pre-Qualification Cancelled

  • Winner of Regional Goes to Nationals


Rules/How the Competition Works

  • Basic Scenario

    • IT services for company

  • Must maintain services designated by White team

  • Don’t Hack the other teams (including Red)

  • Complete Business Injects


Rules/How the Competition Works

  • First Day

    • Bring your network up to standards

    • Red team installs back doors

  • Second Day

    • Try to stay live

    • Red team breaks anything and everything


Competition Plan

  • First Hour or Two

    • Setup

  • Rest of the Competition

    • Business Injects


Beginning

  • Disconnect Network

  • Harden Machines

    • Servers

    • Workstations

  • Multiple servers one machine?

  • IDS

  • Bring Network back online


Rest of the Competition

  • Business Injects

    • Delegated by:

      • Experience

      • Time available

  • Maintain Network

  • Incident Reports


Cisco Router and Switch

Security and Network Communication Configurations

Trevor


Switch & Router

  • Disable remote access to devices (Telnet & SSH)

  • Disable HTTP(S) servers

  • Enable secret passwords (encryption)

  • Install ACLs to restrict access to specific networks & devices

Trevor


Switch

  • Configure storm control protection

  • Configure ARP spoofing protection

  • Set up VLANs to segregate hostile from trusted networks

  • Block untrusted ports from broadcasting and multicasting packets through the network

Trevor


Router

  • Set up routing between network segments and subnets and out to the internet

  • Configure Inter-VLAN routing based upon the IP subnets given to our team

  • Protect against packet fragments and spoofed IP and MAC addresses

Trevor


Forms, Presentations, Policy and a little bit of Snort

Theora


Forms

  • Two Forms

    • Business Inject

    • Incident Response

  • Specify information needed

  • Organization

  • Future Planning

Theora


Policy and Presentations

  • Policy

    • Reviewing

      • Policy challenges from last year

    • Planning

      • Collecting possible examples/dictionary for binder

  • Presentations

    • Reviewing

      • Remembering advice from last year

        • More pictures and technical descriptions

    • Planning

      • Keeping on top of current technology trends

Theora


Intrusion Detection System

  • BackTrack 4 through 5 R3 all come with Snort

  • Practice

    • Configured Snort to run on Backtrack in Proton

      • Changing the .config file

    • Conducted some beginning tests

    • Reviewing default rules

Theora
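The IDS slide lists "reviewing default rules" as a practice item. The script below is an added example, not code from the slides or from the Snort project: it summarises a Snort 2.x style rules file (which rules are active, which the distribution shipped commented out, and which active rules lack a sid and would fail to load). The rules file it writes is a constructed sample; the sids and messages in it are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the PRCCDC slides): summarise a Snort rules file
# before deciding which default rules to keep or disable. Runs offline on a
# constructed sample file; nothing here talks to a live Snort.
set -eu

# write_sample_rules FILE: constructed sample in Snort 2.x .rules syntax.
write_sample_rules() {
  cat > "$1" <<'EOF'
# constructed sample, not a real Snort distribution file
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH brute force attempt"; flow:to_server; threshold:type both,track by_src,count 5,seconds 60; sid:1000001; rev:1;)
#alert icmp any any -> $HOME_NET any (msg:"ICMP echo request"; itype:8; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WordPress wp-login.php access"; content:"wp-login.php"; http_uri; sid:1000003; rev:2;)
alert tcp any any -> any any (msg:"rule without sid"; content:"x";)
EOF
}

# count_enabled FILE: active (uncommented) alert/drop/log/pass rules.
count_enabled() { grep -c -E '^(alert|drop|log|pass) ' "$1" || true; }

# count_disabled FILE: rules that are present but commented out.
count_disabled() { grep -c -E '^#(alert|drop|log|pass) ' "$1" || true; }

# list_enabled_msgs FILE: one "sid msg" line per active rule, for review.
list_enabled_msgs() {
  grep -E '^(alert|drop|log|pass) ' "$1" |
    sed -n -E 's/.*msg:"([^"]*)".*sid:([0-9]+).*/\2 \1/p'
}

# missing_sid FILE: active rules with no sid option (Snort refuses to load them).
missing_sid() {
  grep -E '^(alert|drop|log|pass) ' "$1" | grep -v -E 'sid:[0-9]+' || true
}

# Demo on the constructed file.
tmp=$(mktemp)
write_sample_rules "$tmp"
echo "enabled: $(count_enabled "$tmp"), disabled: $(count_disabled "$tmp")"
echo "active rules (sid msg):"
list_enabled_msgs "$tmp"
echo "active rules missing a sid:"
missing_sid "$tmp"
rm -f "$tmp"
```

Point the functions at the real files under /etc/snort/rules (or wherever the BackTrack image keeps them) to get the same summary per file; the "missing sid" check is the one that saves a restart loop, because a rule without a sid stops Snort from starting at all.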


BASE

Basic Analysis and Security Engine

Jason


Front-End Analysis for Snort

  • Graphical Representation of Traffic/Alerts

  • Can Search Alerts

  • Quick Analysis of Results

Jason


Graphical Representation

Jason


Searching

Jason


Analysis

Jason


Setup – Requirements

  • ADOdb Database Abstraction Library for PHP (ADOdb)

  • MySQL (make sure Snort is configured to use it)

Jason


Setup

  • Move ADOdb

    • mv adodb /var/www

  • Move BASE and chmod the folder to 757

    • Allows BASE to write the Setup file

  • Open Web Browser, go to BASE Setup page

Jason


Setup page

Jason


Finishing

  • Enter ADOdb path (/var/www/adodb)

  • Enter MySQL info (user name, password, etc.)

  • Enter Authentication Information

Jason
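The Setup and Finishing slides leave the BASE folder at mode 757 so the web setup page can write its configuration. The script below is an added example, not code from the slides or from the BASE project: it performs the staging steps from the Setup slide, then takes the write bit back once base_conf.php (the file BASE's setup page writes, which holds the MySQL credentials entered on the Finishing slide) exists. Paths are passed in so the steps can be rehearsed in a scratch directory; the web server user is assumed to be the one that creates base_conf.php.

```shell
#!/bin/sh
# Added example (not from the PRCCDC slides or the BASE project): stage ADOdb
# and BASE under the web root, keep the world-writable step temporary, and
# protect the generated base_conf.php afterwards.
set -eu

# stage_base WEBROOT ADODB_SRC BASE_SRC: the "mv adodb /var/www" and
# "move BASE and chmod the folder to 757" steps from the slides.
stage_base() {
  webroot=$1
  mv "$2" "$webroot/adodb"
  mv "$3" "$webroot/base"
  chmod 757 "$webroot/base"   # temporary: the setup page must create base_conf.php
}

# finish_base WEBROOT: after the setup page has written base_conf.php, drop
# the write bit again and keep the DB credentials away from other local users.
# Returns 1 (and changes nothing) if setup has not completed yet.
finish_base() {
  conf="$1/base/base_conf.php"
  [ -f "$conf" ] || return 1
  chmod 755 "$1/base"
  chmod 640 "$conf"   # readable by its owner (the web server user that wrote it)
  return 0
}

# base_dir_mode WEBROOT: current octal mode of the BASE folder, for checking.
base_dir_mode() { stat -c %a "$1/base"; }

# Demo in a scratch directory standing in for /var/www.
scratch=$(mktemp -d)
mkdir -p "$scratch/www" "$scratch/adodb" "$scratch/base"
stage_base "$scratch/www" "$scratch/adodb" "$scratch/base"
finish_base "$scratch/www" || echo "setup page not run yet (mode $(base_dir_mode "$scratch/www"))"
# constructed stand-in for the file BASE's setup page writes
printf '<?php // constructed base_conf.php\n' > "$scratch/www/base/base_conf.php"
finish_base "$scratch/www" && echo "locked down (mode $(base_dir_mode "$scratch/www"))"
rm -rf "$scratch"
```

On the real box the order is stage_base, open the setup page in the browser and complete the Finishing slide, then finish_base; a BASE directory left at 757 after setup lets any local account rewrite the PHP the web server executes.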


Optional – Graphs

  • Install PHP Extensions:

    • pear install Image_Color

    • pear install Image_Canvas-alpha

    • pear install Image_Graph-alpha

Jason


Software to Use

  • BitDefender (Workstations)

  • ClamAV (Servers)

  • Rkhunter, chkroot (Linux Servers)

Morgan


OS Hardening

  • Windows

    • Disabling remote desktop

    • Rotating Passwords

    • Etc.

  • Linux

    • Disabling root account

    • Change ssh port

    • Etc.

Morgan
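The Linux items above ("disabling root account", "change ssh port") are the kind of edit that gets rushed in the first hour. The script below is an added example, not code from the slides: it applies both to an sshd_config idempotently, so it can be rehearsed on a copy and then run on the real file. The sample config it writes is constructed, and 2222 is an arbitrary port chosen for the demo.

```shell
#!/bin/sh
# Added example (not from the PRCCDC slides): disable root SSH login and move
# sshd to another port by editing whichever sshd_config path is passed in.
set -eu

# set_sshd_option FILE KEY VALUE: replace every existing "KEY ..." line
# (including commented-out defaults) with "KEY VALUE", or append it if absent.
set_sshd_option() {
  file=$1; key=$2; value=$3
  if grep -q -E "^[#[:space:]]*${key}[[:space:]]" "$file"; then
    sed -E "s|^[#[:space:]]*${key}[[:space:]].*|${key} ${value}|" "$file" > "$file.tmp"
    mv "$file.tmp" "$file"
  else
    printf '%s %s\n' "$key" "$value" >> "$file"
  fi
}

# harden_sshd FILE PORT: the two slide items, safe to run repeatedly.
harden_sshd() {
  set_sshd_option "$1" PermitRootLogin no
  set_sshd_option "$1" Port "$2"
}

# get_sshd_option FILE KEY: effective value (last active line wins).
get_sshd_option() {
  grep -E "^${2}[[:space:]]" "$1" | tail -n 1 | awk '{print $2}'
}

# write_sample_config FILE: constructed sample trimmed from a stock layout.
write_sample_config() {
  cat > "$1" <<'EOF'
# constructed sample, not a real distribution sshd_config
#Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PubkeyAuthentication yes
EOF
}

# Demo on the constructed file.
cfg=$(mktemp)
write_sample_config "$cfg"
harden_sshd "$cfg" 2222
echo "PermitRootLogin=$(get_sshd_option "$cfg" PermitRootLogin) Port=$(get_sshd_option "$cfg" Port)"
rm -f "$cfg"
# On the real host: harden_sshd /etc/ssh/sshd_config 2222, then "sshd -t" to
# syntax-check before restarting the service, and "passwd -l root" to lock
# the root password so the account is unusable for local login as well.
```

Keep an existing session open while restarting sshd on the new port, and only lock root once a second account with sudo has been verified to work; both mistakes cost a console visit mid-competition.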


General OS Hardening

  • Binders

    • Server setup

    • Other information for all tasks

  • Step-by-step Setup for server devices

  • Hardening Ubuntu Guide.doc

  • Hardening Windows Guide.doc

Scott


WordPress

And all the stuff it affects

Maxine


Goal

  • Identify specific weaknesses

    • WordPress internals

    • Integrated systems (MySQL, phpMyAdmin, Apache)

  • Create guide for initial hardening

    • First 20 min / First 60 min

  • Maintenance / special case vulnerabilities

  • Documentation for potential business scenarios (plugins / widgets)

Maxine


WordPress Weaknesses

  • Majority of reported vulnerabilities are XSS.

    • Metasploit:

      • CVE-2005-2612: WordPress cache_lastpostdate Arbitrary Code Execution

      • CVE-2009-2335: WordPress Brute Force and User Enumeration Utility

  • http://www.cvedetails.com/product/4096/Wordpress-Wordpress.html?vendor_id=2337

Maxine


WordPress Hardening

  • Current Version

    • Current version is 3.5.1 (Dec 2012). Upgrading is ideal, but time consuming. Old versions are not patched.

    • Common sense:

      • Clean up unused plugins, user accounts, etc. Limit login attempts

    • Delete Admin login.

      • Log in -> create new user with admin privileges -> log in with new user -> delete admin.

    • Permissions – change recursively:

      For directories: find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;
      For files: find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;

    • Move wp-config.php outside web root. Change permissions to 600.

    • WP-implemented security keys (random salt generator)

    • wp_ prefixes

      • All WordPress database tables are prefixed with wp_. Changing it is possible but complicated.

Maxine


WordPress Hardening

  • Enable SSL (wp-config.php)

  • Disallow bots (robots.txt in root)

  • Advanced rules in .htaccess

  • Delete readme (can be used for fingerprinting)

  • Additional hardening:

    • Limit admin/user access by IP

    • Hide hard URL (use relative)

    • Deny bad query strings (script in .htaccess)

    • Delete MySQL “test” database (and any other associated unused DBs or users)

    • Fingerprint source code / header removal

    • PHP intrusion detection (PHPIDS, Mute Screamer)

Maxine
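The two WordPress Hardening slides above describe file-system and Apache-side steps: the recursive chmod, moving wp-config.php above the web root with mode 600, forcing SSL in wp-config.php, deleting the readme, limiting admin access by IP and denying bad query strings in .htaccess. The script below is an added example, not code from the slides or from the WordPress project, that performs those steps as idempotent functions and rehearses them on a constructed install in a temp directory. It assumes Apache 2.4 (mod_authz_core "Require ip", mod_rewrite enabled, AllowOverride permitting .htaccess); the admin network 10.0.0.0/24 is made up, and FORCE_SSL_ADMIN is WordPress's own constant for forcing SSL on admin and login pages.

```shell
#!/bin/sh
# Added example (not from the PRCCDC slides or WordPress): the file-system side
# of the WordPress Hardening slides as functions that are safe to re-run.
set -eu

# wp_config_path DIR: print the wp-config.php WordPress will load; WordPress
# also looks one directory above DIR, which is where move_wp_config puts it.
wp_config_path() {
  if [ -f "$1/wp-config.php" ]; then echo "$1/wp-config.php"; else echo "$1/../wp-config.php"; fi
}

# move_wp_config DIR: relocate wp-config.php above the web root (mode 600).
move_wp_config() {
  if [ -f "$1/wp-config.php" ]; then mv "$1/wp-config.php" "$1/../wp-config.php"; fi
  chmod 600 "$1/../wp-config.php"
}

# set_wp_permissions DIR: the recursive chmod from the slide, plus 600 on
# wp-config.php wherever it lives.
set_wp_permissions() {
  find "$1" -type d -exec chmod 755 {} \;
  find "$1" -type f -exec chmod 644 {} \;
  chmod 600 "$(wp_config_path "$1")"
}

# force_ssl_admin DIR: define FORCE_SSL_ADMIN before the "stop editing" line
# (a define placed after wp-settings.php is loaded would be too late).
force_ssl_admin() {
  cfg=$(wp_config_path "$1")
  grep -q 'FORCE_SSL_ADMIN' "$cfg" && return 0
  awk -v l="define('FORCE_SSL_ADMIN', true);" \
    '/That.s all, stop editing/ && !d {print l; d=1} {print}' "$cfg" > "$cfg.tmp"
  mv "$cfg.tmp" "$cfg" && chmod 600 "$cfg"
}

# remove_fingerprint_files DIR: readme.html reveals the exact version.
remove_fingerprint_files() { rm -f "$1/readme.html"; }

# restrict_admin_by_ip DIR CIDR: only the given network may reach wp-admin.
restrict_admin_by_ip() { printf 'Require ip %s\n' "$2" > "$1/wp-admin/.htaccess"; }

# deny_bad_query_strings DIR: refuse requests whose query string carries
# traversal, tag or base64 markers (crude, but cheap to deploy at competition).
deny_bad_query_strings() {
  ht="$1/.htaccess"
  grep -q 'QUERY_STRING' "$ht" 2>/dev/null && return 0
  cat >> "$ht" <<'EOF'
RewriteEngine On
RewriteCond %{QUERY_STRING} (\.\./|<|>|%3C|%3E|base64_encode) [NC]
RewriteRule .* - [F,L]
EOF
}

# harden_wordpress DIR CIDR: all of the above, permissions last.
harden_wordpress() {
  move_wp_config "$1"
  remove_fingerprint_files "$1"
  restrict_admin_by_ip "$1" "$2"
  deny_bad_query_strings "$1"
  force_ssl_admin "$1"
  set_wp_permissions "$1"
}

# make_sample_install DIR: constructed stand-in for a fresh WordPress tree.
make_sample_install() {
  mkdir -p "$1/wp-admin" "$1/wp-content/plugins"
  cat > "$1/wp-config.php" <<'EOF'
<?php
/* constructed sample wp-config.php */
define('DB_NAME', 'wordpress');
/* That's all, stop editing! Happy blogging. */
require_once(ABSPATH . 'wp-settings.php');
EOF
  printf '<?php // stub\n' > "$1/index.php"
  printf 'constructed readme naming the version\n' > "$1/readme.html"
  chmod 777 "$1/wp-content"   # the sloppy starting state often found on inherited boxes
}

# Demo: DIR/html is the web root, so wp-config.php ends up in DIR.
root=$(mktemp -d)
site="$root/html"
make_sample_install "$site"
harden_wordpress "$site" 10.0.0.0/24
ls -la "$root" "$site"
rm -rf "$root"
```

The MySQL-side item on the slide (dropping the "test" database and unused users) is done in the mysql client rather than here; and because deny_bad_query_strings blocks any query string containing "<" or ">", check the business-inject plugins still work after enabling it.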


Plugins

  • Benefits of security-enhancing plugins. E.g.:

    • BulletProof Security: XSS, RFI, CRLF, CSRF, Base64, code injection and SQL injection

    • Vulnerability scanners

      • Anti-Malware, Exploit Scanner, Security Ninja Lite

    • Monitoring plugins

      • 5-minute stat reporting through Verelo

  • ... and potential problems. E.g.:

    • W3 Total Cache (W3TC) plugin flaw leaves directories exposed & data vulnerable to brute force cracking

    • Google Document Embedder: arbitrary file disclosure weakness.

    • Older versions of WordPress have long-running vulnerabilities (e.g. prior to 2.8.1, failed login attempts validate usernames)

    • Goal: Identify tested & trusted plugins to minimize searching at competition time.

  • “Free WordPress Themes” IS A BAD IDEA.

    • 8/10 had malware. Get plugins only from WP repository.

Maxine


Business Scenarios

  • Last year, business inject requested live tech support.

  • Additional plugins/widgets:

    • Ratings modules

    • Sitemap

    • Google maps

    • eCommerce & shopping carts: PayPal, etc.

    • Retweeting / liking / sharing

    • Registration / membership

    • Redesign

  • (Most of these are easy to find at http://wordpress.org/extend/plugins/)

Maxine


Domain Controller

Nate


DC - Group Policy

  • Learn to deploy group policies quicker

  • Look at group policies from last year

    • Pre-write GPO

  • Find popular GPOs to reduce exploits

Nate


DC - Hardening

  • Get large amounts of patches

  • Discover tips for DC hardening

  • Production Server requirements

  • NIST Windows Server hardening

Nate


DC - Business Injects

  • Create a VPN quickly and efficiently

  • Look at past injects to see what was required

    • Learn to do these fast to reduce time

  • User management

  • Least privilege

Nate

