Pacific Rim Collegiate Cyber Defense Competition

CCDC Team

Lee VanGundy, Nate Krussel, Theora Rice, Morgan Weir, Scott Amack, Jason Fletcher, Maxine Major, Travis Marquis


Overview

  • Competition

    • When

    • How it works

  • Competition Plan

    • Beginning

    • During the Competition

  • Individual Presentations

    • CCDC Team


PRCCDC

  • March 23 & 24, 2013

  • Pre-Qualification Cancelled

  • Winner of Regional Goes to Nationals


Rules/How the Competition Works

  • Basic Scenario

    • IT services for a company

  • Must maintain services designated by White team

  • Don’t Hack the other teams (including Red)

  • Complete Business Injects


Rules/How the Competition Works

  • First Day

    • Bring your network up to standards

    • Red team installs backdoors

  • Second Day

    • Try to stay live

    • Red team breaks anything and everything


Competition Plan

  • First Hour or Two

    • Setup

  • Rest of the Competition

    • Business Injects


Beginning

  • Disconnect Network

  • Harden Machines

    • Servers

    • Workstations

  • Multiple servers on one machine?

  • IDS

  • Bring Network back online


Rest of the Competition

  • Business Injects

    • Delegated by:

      • Experience

      • Time available

  • Maintain Network

  • Incident Reports


Cisco Router and Switch

Security and Network Communication Configurations

Trevor


Switch & Router

  • Disable remote access to devices (Telnet & SSH)

  • Disable HTTP(S) servers

  • Enable secret passwords (encryption)

  • Install ACLs to secure access to specific networks & devices


Switch

  • Configure storm control protection

  • Configure ARP spoofing protection

  • Set up VLANs to segregate hostile from trusted networks

  • Block untrusted ports from broadcasting and multicasting packets through the network


Router

  • Set up routing between network segments and subnets, and to reach the internet

  • Configure Inter-VLAN routing based upon the IP subnets given to our team

  • Protect against packet fragments and spoofed IP and MAC addresses


Forms, Presentations, Policy and a little bit of Snort

Theora


Forms

  • Two Forms

    • Business Inject

    • Incident Response

  • Specify information needed

  • Organization

  • Future Planning


Policy and Presentations

  • Policy

    • Reviewing

      • Policy challenges from last year

    • Planning

      • Collecting possible examples/dictionary for binder

  • Presentations

    • Reviewing

      • Remembering advice from last year

        • More pictures and technical descriptions

    • Planning

      • Keeping on top of current technology trends


Intrusion Detection System

  • BackTrack 4 through 5 R3 all come with Snort

  • Practice

    • Configured Snort to run on BackTrack in Proton

      • Changing the .config file

    • Conducted some beginning tests

    • Reviewing default rules


BASE

Basic Analysis and Security Engine

Jason


Front-End Analysis for Snort

  • Graphical Representation of Traffic/Alerts

  • Can Search Alerts

  • Quick Analysis of Results


Graphical Representation


Searching


Analysis


Setup – Requirements

  • ADOdb Database Abstraction Library for PHP (ADOdb)

  • MySQL (make sure Snort is configured to use it)


Setup

  • Move ADOdb

    • mv adodb /var/www

  • Move BASE and chmod the folder to 757

    • Allows BASE to write the Setup file

  • Open Web Browser, go to BASE Setup page


Setup page


Finishing

  • Enter ADOdb path (/var/www/adodb)

  • Enter MySQL info (user name, password, etc)

  • Enter Authentication Information


Optional – Graphs

  • Install PHP Extensions:

    • pear install Image_Color

    • pear install Image_Canvas-alpha

    • pear install Image_Graph-alpha


Software to Use

  • BitDefender (Workstations)

  • ClamAV (Servers)

  • rkhunter, chkrootkit (Linux Servers)

Morgan


OS Hardening

  • Windows

    • Disabling remote desktop

    • Rotating Passwords

    • Etc.

  • Linux

    • Disabling root account

    • Change SSH port

    • Etc.
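As an added example (not from the slides), a POSIX shell checker for the two Linux items above, read from an sshd_config: root login disabled and SSH moved off port 22. The sample config files it builds under mktemp are constructed for the demo; sshd uses the first occurrence of a keyword, so the checker does too.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the slide's Linux hardening items.
# sshd honours the FIRST occurrence of a keyword and keywords are
# case-insensitive; "Match" blocks are not handled by this simple reader.
sshd_get() {   # sshd_get KEYWORD FILE -> effective value (empty if unset)
  awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blanks
    tolower($1) == key { print $2; exit }            # first match wins
  ' "$2"
}

sshd_audit() {   # sshd_audit FILE -> prints findings, returns their count
  f="$1"; n=0
  root=$(sshd_get PermitRootLogin "$f")
  port=$(sshd_get Port "$f")
  # OpenSSH before 7.0 defaulted PermitRootLogin to yes, so unset counts as weak
  case "${root:-yes}" in
    no|prohibit-password|without-password) ;;
    *) echo "WEAK: PermitRootLogin=${root:-<unset>}"; n=$((n+1)) ;;
  esac
  [ "${port:-22}" = 22 ] && { echo "WEAK: Port=${port:-<unset>}"; n=$((n+1)); }
  return $n
}

make_sample() {   # make_sample weak|hardened -> path of a constructed config
  f=$(mktemp)
  if [ "$1" = hardened ]; then
    # lowercase keyword and a later contradicting line: first match still wins
    printf '# constructed\nPort 2222\npermitrootlogin no\nPermitRootLogin yes\n' > "$f"
  else
    # defaults only: commented Port, root login left enabled
    printf '# constructed\n#Port 22\nPermitRootLogin yes\nPermitRootLogin no\n' > "$f"
  fi
  echo "$f"
}
```

Run `sshd_audit /etc/ssh/sshd_config` on a box; a non-zero exit code is the number of weak settings found.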


General OS Hardening

  • Binders

    • Server setup

    • Other information for all tasks

  • Step-by-step Setup for server devices

  • Hardening Ubuntu Guide.doc

  • Hardening Windows Guide.doc

Scott


WordPress

And all the stuff it affects

Maxine


Goal

  • Identify specific weaknesses

    • WordPress internals

    • Integrated systems (MySQL, phpMyAdmin, Apache)

  • Create guide for initial hardening

    • First 20 min / First 60 min

  • Maintenance / special case vulnerabilities

  • Documentation for potential business scenarios (plugins / widgets)


WordPress Weaknesses

  • Majority of reported vulnerabilities are XSS.

    • Metasploit:

      • CVE-2005-2612 WordPress cache_lastpostdate Arbitrary Code Execution

      • CVE-2009-2335 WordPress Brute Force and User Enumeration Utility

  • http://www.cvedetails.com/product/4096/Wordpress-Wordpress.html?vendor_id=2337


WordPress Hardening

  • Current Version

    • Current version is 3.5.1 (Dec 2012). Upgrading is ideal but time consuming; old versions are not patched.

    • Common sense:

      • Clean up unused plugins, user accounts, etc.; limit login attempts

    • Delete the default admin login.

      • Log in → create a new user with admin privileges → log in as the new user → delete admin.

    • Permissions – change recursively:

      For directories: find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;
      For files: find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;

    • Move wp-config.php outside web root. Change permissions to 600.

    • WP-implemented security keys (random salt generator)

    • wp_ prefixes

      • All WordPress database tables are prefixed with wp_; changing the prefix is possible but complicated.


WordPress Hardening

  • Enable SSL (wp-config.php)

  • Disallow bots (robots.txt in web root)

  • Advanced rules in .htaccess

  • Delete readme (can be used for fingerprinting)

  • Additional hardening:

    • Limit admin/user access by IP

    • Hide hard-coded URLs (use relative ones)

    • Deny bad query strings (script in .htaccess)

    • Delete MySQL “test” database (and any other associated unused DBs or users)

    • Fingerprint source code / header removal

    • PHP intrusion detection (PHPIDS, Mute Screamer)
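As an added example (not from the slides), a POSIX shell script that applies three of the hardening items above to a WordPress tree: the 755/644 permission scheme, moving wp-config.php one level above the web root with mode 600, and deleting the fingerprintable readme. The install path is assumed, and the sample tree built under mktemp is constructed for the demo.

```shell
#!/bin/sh
# Added example: apply the slide's file-level WordPress hardening to a tree.
harden_wp() {   # harden_wp WP_ROOT (e.g. /var/www/wordpress, assumed path)
  wp_root="$1"
  [ -d "$wp_root" ] || { echo "no such dir: $wp_root" >&2; return 1; }
  find "$wp_root" -type d -exec chmod 755 {} \;   # directories: 755
  find "$wp_root" -type f -exec chmod 644 {} \;   # files: 644
  # WordPress also looks for wp-config.php one directory above the web root,
  # so it can live outside the document root with owner-only access.
  if [ -f "$wp_root/wp-config.php" ]; then
    mv "$wp_root/wp-config.php" "$wp_root/../wp-config.php"
    chmod 600 "$wp_root/../wp-config.php"
  fi
  rm -f "$wp_root/readme.html"                    # version fingerprinting aid
}

mode_of() {   # mode_of PATH -> octal mode (GNU stat, BSD stat fallback)
  stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

demo_wp() {   # build a constructed sample tree, harden it, print its parent dir
  tmp=$(mktemp -d)
  mkdir -p "$tmp/www/wp-content/uploads"
  printf '<?php // constructed config\n' > "$tmp/www/wp-config.php"
  printf 'constructed readme\n' > "$tmp/www/readme.html"
  printf '<?php\n' > "$tmp/www/wp-content/uploads/x.php"
  chmod 777 "$tmp/www/wp-content/uploads" "$tmp/www/wp-content/uploads/x.php"
  harden_wp "$tmp/www"
  echo "$tmp"
}
```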


Plugins

  • Benefits of security-enhancing plugins. E.g.:

    • BulletProof Security: XSS, RFI, CRLF, CSRF, Base64, code injection and SQL injection

    • Vulnerability scanners

      • Anti-Malware, Exploit Scanner, Security Ninja Lite,

    • Monitoring plugins

      • 5-minute stat reporting through Verelo

  • ... and potential problems. E.g.:

    • W3 Total Cache (W3TC) plugin flaw leaves directories exposed & data vulnerable to brute force cracking

    • Google Document Embedder: arbitrary file disclosure weakness.

    • Older versions of WordPress have long-running vulnerabilities (e.g. prior to 2.8.1, failed login attempts validate usernames)

    • Goal: Identify tested & trusted plugins to minimize searching at competition time.

  • “Free WordPress Themes” IS A BAD IDEA.

    • 8/10 had malware. Get plugins only from WP repository.


Business Scenarios

  • Last year, business inject requested live tech support.

  • Additional plugins/widgets:

    • Ratings modules

    • Sitemap

    • Google maps

    • eCommerce & shopping carts: PayPal, etc.

    • Retweeting / liking / sharing

    • Registration / membership

    • Redesign

  • (Most of these are easy to find at http://wordpress.org/extend/plugins/)


Domain Controller

Nate


DC - Group Policy

  • Learn to deploy group policies quicker

  • Look at group policies from last year

    • Pre-write GPO

  • Find popular GPOs to reduce exploits


DC - Hardening

  • Get large amounts of patches

  • Discover tips for DC hardening

  • Production Server requirements

  • NIST Windows Server hardening


DC - Business Injects

  • Create a VPN quickly and efficiently

  • Look at past injects to see what was required

    • Learn to do these fast to reduce time

  • User management

  • Least privilege
