Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, July 07, 2006

Security agency war game tries to teach Net defense

The National Security Agency may be known for its stealthy eavesdropping techniques, but it’s going public with advice for how to train a new generation to defend against computer threats.  Representatives from the usually secretive agency appeared at a SANS Institute event here to divulge “lessons learned” from their latest cyberdefense exercise.  The exercise, which took place over four days in April, pitted students from the five U.S. military academies and the Air Force’s postgraduate technology school against “bad guys” at NSA headquarters.  NSA representatives said they hoped the informal briefing would provide a wake-up call to all network managers, both inside and outside the government.

In hopes of simulating a real-world situation, the attackers made a point of using the most publicly known exploits during the competition.  They also took advantage of common mistakes like the use of weak passwords or the same passwords on multiple systems, and targeted security holes in Microsoft Windows that have readily available patches.  In one case, for instance, NSA hackers gained control of a router in a complex network architecture built by the West Point team because the team neglected to change the default password on the Cisco Systems device.

Michael Tanner, an Air Force cadet, said the team’s nine members, mostly computer science and engineering majors, had only basic knowledge of information assurance practices.

“We know there’s a tendency for students to think they have to build some sort of whizbang network with bells and whistles,” said Rigo MacTaggart, who participated on the NSA’s end.

Posted on 07/07