Return-Path: <sentto-279987-4723-1022608105-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 28 May 2002 10:52:09 -0700 (PDT) Received: (qmail 16199 invoked by uid 510); 28 May 2002 17:48:10 -0000 Received: from n26.grp.scd.yahoo.com (66.218.66.82) by all.net with SMTP; 28 May 2002 17:48:10 -0000 X-eGroups-Return: sentto-279987-4723-1022608105-fc=all.net@returns.groups.yahoo.com Received: from [66.218.66.98] by n26.grp.scd.yahoo.com with NNFMP; 28 May 2002 17:48:25 -0000 X-Sender: fastflyer28@yahoo.com X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-8_0_3_2); 28 May 2002 17:48:24 -0000 Received: (qmail 81701 invoked from network); 28 May 2002 17:48:24 -0000 Received: from unknown (66.218.66.216) by m15.grp.scd.yahoo.com with QMQP; 28 May 2002 17:48:24 -0000 Received: from unknown (HELO web14504.mail.yahoo.com) (216.136.224.67) by mta1.grp.scd.yahoo.com with SMTP; 28 May 2002 17:48:24 -0000 Message-ID: <20020528174824.86267.qmail@web14504.mail.yahoo.com> Received: from [68.100.119.16] by web14504.mail.yahoo.com via HTTP; Tue, 28 May 2002 10:48:24 PDT To: iwar@yahoogroups.com In-Reply-To: <200205281542.g4SFgUJ14933@red.all.net> From: "e.r." <fastflyer28@yahoo.com> X-Yahoo-Profile: fastflyer28 Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 28 May 2002 10:48:24 -0700 (PDT) Subject: Re: [iwar] Cadets Keep NSA Crackers At Bay (fwd) Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-2.3 required=5.0 tests=IN_REP_TO,FROM_ENDS_IN_NUMS,CLICK_BELOW,SUPERLONG_LINE version=2.20 X-Spam-Level: Perhaps they will consider a com sci major eventually. Fred Cohen <fc@all.net> wrote: Cadets Keep NSA Crackers At Bay By William Jackson, Newsbytes May 20 2002 1:53PM Cadets and midshipmen from the nation's military service academies faced= off last month in real-world cybercombat. They used all their skills to= keep production networks up and running while under attack by National= Security Agency experts. In the end, the U.S. Military Academy at West= Point kept the coveted NSA Information Assurance Director's Trophy it won= last year. The exercise "was a lot harder than talking about it in class," said West= Point cadet Chris Gates of Little Rock, Ark. "Until you fail, you don't= know how hard." Wayne Schepens, an NSA visiting fellow, called the exercise "a win across= the board from the NSA's perspective." The second Cyber Defense Exercise was the first in which all the service= academies participated. There was "a phenomenal increase in the skills of the cadets," said Lt.= Col. Daniel Ragsdale, assistant professor of computer science at West= Point. "They were better prepared and better organized. All the things we= taught them about defense in depth and breadth, they implemented." The exercise bridged the gap between the classroom and the real world,= Ragsdale said. "You can only go so far in the classroom," he said. "People= get a false sense of security." West Point's focus on information assurance skills started about three= years ago when Col. Andre Sayles, head of the Computer Sciences= Department, "had an epiphany" about it as a critical need, Ragsdale said. This year, 24 seniors at the 200-year-old academy enrolled in the= 3-year-old information assurance program. "They essentially had to commit= to having no free electives to get to this course," Ragsdale said. Take The Dare West Point is the first undergraduate school to be designated by NSA as a= center for academic excellence for information assurance. And it was West= Point that in August 2000 issued the challenge to its sister academies to= participate in the cyberexercise, which was held in April of last year. The only taker last year was the Air Force Academy at Colorado Springs,= Colo. The Naval Postgraduate School in Monterey, Calif., took part but did= not compete for the trophy. This year the Naval Academy at Annapolis, Md., and the Coast Guard Academy= at New London, Conn., also competed. "We have a strong interest in information assurance, and the department= encouraged us to take part in the exercise," said Maj. Robert Peterman, a= computer science instructor at Annapolis. All the academies have integrated security into their computer science= courses. The Naval Academy began offering an information assurance course= last spring, and it is now a requirement for a computer science major,= department chairman Patrick Harrison said. The Naval Academy felt it was coming from behind in the exercise-"in= start-up mode," Harrison said, whereas West Point has "fully blossomed." The Coast Guard Academy also saw itself as an underdog. "The Coast Guard is= the forgotten armed service," said Herb Holland, an academy instructor. It= defends against smugglers and illegal immigrants, and it handles= classified information, so security expertise is critical, Holland said.= But the academy has no computer science department; computer classes are= taught as part of electrical engineering. "This exercise is a project for students taking the computer communications= and networking course," Holland said before the exercise began. "These= guys are hyped. Since we don't have a computer science major per se, they= may not have as much background. On the other hand, they are engineers and= have lots of experience in problem solving. So I think we'll hold our= own." That assessment turned out to be accurate. The Coast Guard cadets "did a hell of a job providing [network] services"= during the contest, Ragsdale said. "They got compromised quite a bit, but= they hung in there." Keeping services running while a network is under attack is key to winning= the contest, he said, because "it's only in the context of providing= services that the rest of this makes sense." All the academies set up identical networks with a variety of services= running on three subnets protected by a firewall. They all transmitted= daily reports about intrusions and responses to the White Team-referees= from the CERT Coordinating Center at Pittsburgh's Carnegie Mellon= University. NSA and the Defense Department's Public-Key Infrastructure Program= Management Office provided funding for the networks. VPN Marathon NSA's Red Team of attackers and the referees on the White Team all used= virtual private networks to connect with the academy LANs. The White Team deducted points for intrusions but awarded points for= identifying them and fixing the vulnerabilities, so a network compromise= was not always fatal. "Keeping the services running was surprisingly hard," Schepens said. "We= impress on the cadets that a system is worthless if the services aren't= running." The participants had to perform a balancing act. "Keeping it up is really a= challenge when fixing one part breaks two more parts," said West Pointer= Ian MacLeoud of Philadelphia. Last year, Ragsdale said, the West Point network was a day late going= online and was then penetrated by the Red Team within three hours. The= West Pointers' defense plans were immature and static, he said, and the= key lesson learned then was that boosting security "makes administration= even more difficult." This year's cadets built on the experience. The attackers "were never able= to take the network down at any point," cadet Gates said. Defenses improved so much, in fact, that next year the exercise might add= communications among the academy networks, to give the Red Team more= opportunities to break in. "Each school put in heavy resources," Schepens said. "They were very= well-prepared." But his claim that there were no losers did not comfort West Point's= rivals. "There's only one first place," the Naval Academy's Peterman said. Ragsdale, however, said he doesn't expect West Point to maintain its lead= for long. "I would be astounded if next year or the year after another school doesn't= come to the fore," he said. "Much as I would like to think of it, I don't= see any dynasty." Reported by Government Computer News, http://www.gcn.com =A9 2001 - 2002 The Washington Post Company -- This was sent to you from http://theMezz.com To Subscribe/Unsubscribe go to http://techPolice.com http://www.theMezz.com/cybercrime/archive Yahoo! Groups SponsorADVERTISEMENT ------------------ http://all.net/ Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. --------------------------------- Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup [Non-text portions of this message have been removed] ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get the strongest server security 128-bit SSL encryption! Download VeriSign's FREE guide, "Securing Your Web Site for Business" and learn everything you need to know about using SSL to encrypt your e-commerce transactions for serious online security. Click here! http://us.click.yahoo.com/V02TTC/PyKEAA/sXBHAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT