Cyber-Attacks!
• Hopefully, most of you can relate to several of these scenarios
• If you have not experienced anything, at least some of you are lying, misinformed, or new
• If you aren't worried about attacks, why are you here?

Truths
• Incidents will happen
• Systems will be compromised
• Applications need to both work and be secure
• People will break things
• You will need to be an expert on something you've never seen before

Top Skills
• Fundamental understanding of security concepts
• Technical skills
• Direct experience

How do I get skills?
• Personal experience/on your own
• Technology-specific training
• Formal education

Practical
• Nothing beats practical experience
• How do you get practical experience?
  • Production systems
  • Personal equipment
  • Labs
  • Simulated production systems

Competitive Security Events
• Hands on, practical experience
• Simulated Production systems
• Types
  • Defense
  • Attack
  • Attack/Defend

Collegiate Cyber Defense Competition (CCDC)
• National Collegiate Cyber Security Competition
• Focuses on both business and technical aspects

Competition Structure
• Pre-qualifying (state) events
• Regional events
  • Growing every year
  • Winner goes to national competition
• National Competition
  • San Antonio, Texas
  • Top 9 teams in the nation

Competition Premise
• Competing teams have just been hired as the IT staff for a company
• Everyone was fired
• Teams must secure their network, while completing a multitude of business tasks (injects)
• Red team = bad guys

What types of applications?
• DNS
• Mail (SMTP and POP)
• Web
• Secure Web (ecommerce)
• FTP
• Database
• SSH
• VoIP

What types of systems?
• Cisco IOS (Router, Switch, ASA)
• Windows
• Linux
• MacOS
• Printers
• VoIP Phones
• Wireless

Potential Injects - Technical
• Investigate a database breach
• Deploy McAfee security software
• Upgrade clients to Windows 7
• Provide a list of top attacking IPs
• Install and configure Splunk

Potential Injects - Business
• Block social networking websites
• Develop an IT policy
• Create user accounts
• Recover lost e-mail
• Create a job description for HR

Potential Strategies – Day One
• Unplug everything, secure it, and bring it back online
• Services are not available
• Customers are not happy
• Mitigate security issues while keeping services alive
• The red team is everywhere
• Run away, crying

Challenges
• Number of issues/systems/tasks greater than available manpower
• Unexpected difficulties/limitations/business rules and policies
• Uptime & SLA requirements