Pacific Rim Collegiate Cyber Defense Competition - PowerPoint PPT Presentation
Presentation Transcript

Pacific Rim Collegiate Cyber Defense Competition

CCDC Team

Lee VanGundy, Nate Krussel, Theora Rice, Morgan Weir, Scott Amack, Jason Fletcher, Maxine Major, Travis Marquis


Overview

  • Competition

    • When

    • How it works

  • Competition Plan

    • Beginning

    • During the Competition

  • Individual Presentations

    • CCDC Team


PRCCDC

  • March 23 & 24, 2013

  • Pre-Qualification Cancelled

  • Winner of Regional Goes to Nationals


Rules/How the Competition Works

  • Basic Scenario

    • IT services for company

  • Must maintain services designated by White team

  • Don’t Hack the other teams (including Red)

  • Complete Business Injects


Rules/How the Competition Works

  • First Day

    • Bring your network up to standards

    • Red team installs backdoors

  • Second Day

    • Try to stay live

    • Red team breaks anything and everything


Competition Plan

  • First Hour or Two

    • Setup

  • Rest of the Competition

    • Business Injects


Beginning

  • Disconnect Network

  • Harden Machines

    • Servers

    • Workstations

  • Multiple servers on one machine?

  • IDS

  • Bring Network back online


Rest of the Competition

  • Business Injects

    • Delegated by:

      • Experience

      • Time available

  • Maintain Network

  • Incident Reports


Cisco Router and Switch

Security and Network Communication Configurations

Trevor


Switch & Router

  • Disable remote access to devices (Telnet & SSH)

  • Disable HTTP(S) servers

  • Enable secret passwords (encryption)

  • Install ACLs to secure access to specific networks and devices

Trevor


Switch

  • Configure storm control protection

  • Configure ARP spoofing protection

  • Set up VLANs to segregate hostile from trusted networks

  • Block untrusted ports from broadcasting and multicasting packets through the network

Trevor


Router

  • Set up routing between network segments and subnets, and out to the Internet

  • Configure inter-VLAN routing based on the IP subnets given to our team

  • Protect against packet fragments, spoofed IPs and spoofed MACs

Trevor



Forms

  • Two Forms

    • Business Inject

    • Incident Response

  • Specify information needed

  • Organization

  • Future Planning

Theora


Policy and Presentations

  • Policy

    • Reviewing

      • Policy challenges from last year

    • Planning

      • Collecting possible examples/dictionary for binder

  • Presentations

    • Reviewing

      • Remembering advice from last year

        • More pictures and technical descriptions

    • Planning

      • Keeping on top of current technology trends


Theora


Intrusion Detection System

  • BackTrack 4 through 5 R3 all come with Snort

  • Practice

    • Configured Snort to run on BackTrack in Proton

      • Editing the Snort configuration file (snort.conf)

    • Conducted some beginning tests

    • Reviewing default rules

Theora


BASE (Basic Analysis and Security Engine)

Jason


Front-End Analysis for Snort

  • Graphical Representation of Traffic/Alerts

  • Can Search Alerts

  • Quick Analysis of Results

Jason



Searching

Jason


Analysis

Jason


Setup – Requirements

  • ADOdb database abstraction library for PHP

  • MySQL (make sure Snort is configured to use it)

Jason


Setup

  • Move ADOdb

    • mv adodb /var/www

  • Move BASE and chmod the folder to 757

    • Allows BASE to write the Setup file

  • Open Web Browser, go to BASE Setup page

Jason


Setup page

Jason


Finishing

  • Enter ADOdb path (/var/www/adodb)

  • Enter MySQL info (user name, password, etc)

  • Enter Authentication Information
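The Setup and Finishing steps above as two shell functions. This is an added example, not code from the slides or from the BASE project: the web root and the ADOdb/BASE source directories are parameters, base_conf.php is the configuration file BASE writes from its setup page, and finish_base adds the step the slides leave implicit, taking the write bit away again once setup is done.

```shell
#!/bin/sh
# Added example (not from the slides). Assumes the BASE directory will be
# owned by a user whose group the web server shares, so 640 still lets
# the web server read base_conf.php; chown/chgrp first if it does not.

# stage_base <webroot> <adodb_src> <base_src>
# Copies ADOdb and BASE under the web root and opens the BASE directory
# so the browser-driven setup page can write base_conf.php (the slide's 757).
stage_base() {
  webroot=$1; adodb_src=$2; base_src=$3
  cp -R "$adodb_src" "$webroot/adodb"
  cp -R "$base_src" "$webroot/base"
  chmod 757 "$webroot/base"        # world-writable only while setup runs
}

# finish_base <webroot>
# Returns 1 if setup never wrote base_conf.php; otherwise locks the
# directory back down, protects the config (it holds the MySQL password)
# and prints the ADOdb path the Finishing slide asks for.
finish_base() {
  webroot=$1
  [ -f "$webroot/base/base_conf.php" ] || return 1
  chmod 755 "$webroot/base"
  chmod 640 "$webroot/base/base_conf.php"
  echo "$webroot/adodb"
}
```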

Jason


Optional – Graphs

  • Install PHP Extensions:

    • pear install Image_Color

    • pear install Image_Canvas-alpha

    • pear install Image_Graph-alpha

Jason


Software to Use

  • BitDefender (Workstations)

  • ClamAV (Servers)

  • rkhunter, chkrootkit (Linux servers)

Morgan


OS Hardening

  • Windows

    • Disabling remote desktop

    • Rotating Passwords

    • Etc.

  • Linux

    • Disabling root account

    • Change ssh port

    • Etc.
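The two Linux items above (disable the root account, change the SSH port) as idempotent shell functions. This is an added example, not from the slides; the sshd_config path and the new port are parameters, and harden_sshd only touches the Port and PermitRootLogin directives.

```shell
#!/bin/sh
# Added example (not from the slides). Assumes a stock OpenSSH sshd_config.

# harden_sshd <sshd_config> <new_port>
# Drops every existing (or commented-out) Port / PermitRootLogin line and
# appends one "Port <new_port>" and "PermitRootLogin no"; running it twice
# leaves exactly one of each. Other directives are left untouched.
harden_sshd() {
  cfg=$1; port=$2
  grep -Ev '^[[:space:]]*#?[[:space:]]*(Port|PermitRootLogin)([[:space:]]|$)' "$cfg" \
    > "$cfg.tmp" || true          # grep exits 1 when every line was dropped
  printf 'Port %s\nPermitRootLogin no\n' "$port" >> "$cfg.tmp"
  mv "$cfg.tmp" "$cfg"
}

# sshd_directive <sshd_config> <name>
# Prints the value of the first matching directive, which is the one sshd
# honours; use it to confirm the result before restarting the daemon.
sshd_directive() {
  awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# lock_root
# "Disable the root account" in practice: lock root's password so nobody
# can log in as root directly while sudo from admin accounts keeps working.
# Needs root; verify with "passwd -S root" (status field shows L).
lock_root() {
  passwd -l root
}

# Typical order (not run here): harden_sshd /etc/ssh/sshd_config 2222,
# sshd -t to syntax-check, open the new port in the host firewall, restart
# sshd, and confirm a fresh login on the new port before closing this one.
```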

Morgan


General OS Hardening

  • Binders

    • Server setup

    • Other information for all tasks

  • Step-by-step Setup for server devices

  • Hardening Ubuntu Guide.doc

  • Hardening Windows Guide.doc

Scott


WordPress

And all the stuff it affects

Maxine


Goal

  • Identify specific weaknesses

    • WordPress internals

    • Integrated systems (MySQL, phpMyAdmin, Apache)

  • Create guide for initial hardening

    • First 20 min / First 60 min

  • Maintenance / special case vulnerabilities

  • Documentation for potential business scenarios (plugins / widgets)

Maxine


WordPress Weaknesses

  • Majority of reported vulnerabilities are XSS.

    • Metasploit:

      • CVE-2005-2612 WordPress cache_lastpostdate Arbitrary Code Execution

      • CVE-2009-2335 WordPress Brute Force and User Enumeration Utility

  • http://www.cvedetails.com/product/4096/Wordpress-Wordpress.html?vendor_id=2337

Maxine


WordPress Hardening

  • Current Version

    • Current version is 3.5.1 (Dec 2012). Upgrading is ideal but time consuming; old versions are not patched.

    • Common sense:

      • Clean up unused plugins, user accounts, etc.; limit login attempts

    • Delete the default admin login:

      • Log in → create a new user with admin privileges → log in as the new user → delete admin.

    • Permissions – change recursively:

      For directories: find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;
      For files: find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;

    • Move wp-config.php outside the web root. Change its permissions to 600.

    • WP-implemented security keys (random salt generator)

    • wp_ prefixes

      • All WordPress database tables are prefixed with wp_. Changing the prefix is possible but complicated.

Maxine


WordPress Hardening

  • Enable SSL (wp-config.php)

  • Disallow bots (robots.txt in root)

  • Advanced rules in .htaccess

  • Delete readme (can be used for fingerprinting)

  • Additional hardening:

    • Limit admin/user access by IP

    • Hide hard URL (use relative)

    • Deny bad query strings (script in .htaccess)

    • Delete MySQL “test” database (and any other associated unused DBs or users)

    • Remove fingerprintable details from source code / headers

    • PHP intrusion detection (PHPIDS, Mute Screamer)
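The file-level items from the two WordPress Hardening slides (recursive 755/644 permissions, wp-config.php outside the web root at mode 600, readme removal, robots.txt) as one shell function plus a check that reports anything left undone. This is an added example, not from the slides or from WordPress; the web root is a parameter, and moving wp-config.php one directory up relies on WordPress's standard lookup of that location.

```shell
#!/bin/sh
# Added example (not from the slides). <webroot> is the directory that
# holds wp-config.php; its parent must be outside what the web server serves.

# wp_harden <webroot>
wp_harden() {
  root=$1
  [ -f "$root/wp-config.php" ] || { echo "not a WordPress root: $root" >&2; return 1; }
  # Permissions: the slide's two find commands, 755 dirs / 644 files
  find "$root" -type d -exec chmod 755 {} \;
  find "$root" -type f -exec chmod 644 {} \;
  # wp-config.php holds DB credentials and the security keys: move it one
  # level above the web root and make it owner-only
  mv "$root/wp-config.php" "$root/../wp-config.php"
  chmod 600 "$root/../wp-config.php"
  # Files that give away the exact version (fingerprinting)
  rm -f "$root/readme.html" "$root/license.txt"
  # Keep well-behaved crawlers out of admin and include paths
  printf 'User-agent: *\nDisallow: /wp-admin/\nDisallow: /wp-includes/\n' \
    > "$root/robots.txt"
}

# wp_check <webroot>
# Prints each finding wp_harden should have fixed; returns 1 if any remain,
# so it can be re-run during the competition as a quick drift check.
wp_check() {
  root=$1; rc=0
  [ -e "$root/wp-config.php" ] && { echo "wp-config.php still in web root"; rc=1; }
  [ -e "$root/readme.html" ] && { echo "readme.html present"; rc=1; }
  find "$root" -type f -perm -002 | grep -q . && { echo "world-writable files"; rc=1; }
  return $rc
}
```

The admin-account deletion and the wp_ prefix change from the first slide are database-side changes and are deliberately not part of this script.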

Maxine


Plugins

  • Benefits of security-enhancing plugins, e.g.:

    • BulletProof Security: XSS, RFI, CRLF, CSRF, Base64, code injection and SQL injection

    • Vulnerability scanners

      • Anti-Malware, Exploit Scanner, Security Ninja Lite

    • Monitoring plugins

      • 5-minute stat reporting through Verelo

  • ... and potential problems, e.g.:

    • W3 Total Cache (W3TC) plugin flaw leaves directories exposed and data vulnerable to brute-force cracking

    • Google Document Embedder: arbitrary file disclosure weakness

    • Older versions of WordPress have long-running vulnerabilities (e.g. prior to 2.8.1, failed login attempts validate usernames)

    • Goal: identify tested and trusted plugins to minimize searching at competition time.

  • “Free WordPress Themes” is a bad idea.

    • 8 of 10 had malware. Get plugins only from the WordPress repository.

Maxine


Business Scenarios

  • Last year, business inject requested live tech support.

  • Additional plugins/widgets:

    • Ratings modules

    • Sitemap

    • Google maps

    • eCommerce & shopping carts: PayPal, etc.

    • Retweeting / liking / sharing

    • Registration / membership

    • Redesign

  • (Most of these are easy to find at http://wordpress.org/extend/plugins/)

Maxine



DC - Group Policy

  • Learn to deploy group policies quicker

  • Look at group policies from last year

    • Pre-write GPO

  • Find popular GPOs that reduce exploitable settings

Nate


DC - Hardening

  • Obtain the large set of patches needed

  • Discover tips for DC hardening

  • Production Server requirements

  • NIST Windows Server hardening

Nate


DC - Business Injects

  • Create a VPN quickly and efficiently

  • Look at past injects to see what was required

    • Learn to do these fast to reduce time

  • User management

  • Least privilege

Nate

