AOH :: ISNQ4631.HTM

Security where it counts: "If you can't talk, you can't fight




Security where it counts: "If you can't talk, you can't fight
Security where it counts: "If you can't talk, you can't fight



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-907591435-1191303232=:7837
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9040058 

By Sumner Lemon
October 01, 2007 
IDG News Service

For most large companies, an attack that brings down the corporate 
network means millions of dollars in lost revenue and unhappy customers. 
But if the net defenders of the U.S. Army see their network go down or 
their defenses broken, the stakes are significantly higher; the lives of 
soldiers fighting in Iraq and Afghanistan are on the line.

Net defenders are one of several specialties within the 1st Information 
Operations Command's Army Computer Emergency Response Team (ACERT), and 
their job is to maintain and protect the flow of data over the Army's 
network.

"It's all about keeping the quality of service up, keep communications 
up and keep everything going," said Thomas Blackard, a reservist serving 
with ACERT.

"If you can't talk, you can't fight," he said.

Blackard and other members of the 1st Information Operations Command 
took part in the Hack In The Box (HITB) security conference last month 
in Kuala Lumpur, Malaysia, where they attended training sessions and 
competed against hackers in a capture-the-flag contest.

Unwinding with a cold beer on the outdoor terrace of the Le M=C3=A9ridien 
hotel after a day-long training session, Blackard and his colleagues 
explained why the ACERT team came to Kuala Lumpur. "You've got to learn 
ways to build better mousetraps, learn how to defend better, and learn 
new things," he said.

"You can't really defend your network unless you know what's out there. 
Coming to these things you know what's out there, and you can adjust 
your tactics," said Mike Stan, another reservist serving with ACERT.

While Blackard and Stan didn't take part themselves, a three-person 
ACERT team put those tactics to the test at HITB in a capture-the-flag 
contest that drew nine other teams comprised of top hackers from Asia 
and Europe.

The ACERT team, called Army Strong, competed in a similar contest 
organized by HITB earlier this year in Dubai and didn't score any 
points. But the Dubai contest only allowed attacks, not the defensive 
tactics they specialize in.

Under Army doctrine, network defenders cannot respond to an attack on 
their systems with a counterattack. The reasoning behind this policy is 
that hackers are likely to hijack a third-party server to use for an 
attack, and a counterattack against that server could have legal 
repercussions for the Army.

Army Strong got its chance to shine in Kuala Lumpur as the contest rules 
allowed teams to attack and defend their systems.

Teams were given a patched server with customized, hidden exploits that 
connected over a network to a score server and the other teams.

To make things more challenging, all traffic on the network used a 
single IP (Internet Protocol) source address, regardless of whether that 
traffic was a request from the score server or an attack from another 
team -- this prevented teams from using a firewall to block some packets 
and protect their systems.

The goal was to re-create the challenge corporate IT managers face when 
defending their systems against attacks and waiting for a patch to be 
delivered.

"You need to keep the service running even though there is a 
vulnerability," said Dhillon Andrew Kannabhiran, founder and chief 
executive officer of Hack In The Box (M) Sdn. Bhd., which organized the 
conference and contest.

In the end, the Sao Vang team from Vietnam won the two-day contest with 
8,900 points, followed by the WabiSabi Labi Ltd. team with 5,540 points. 
Army Strong came in fifth place with 925 points, but all of its points 
were earned through defense, making them the top defensive team. They 
did not attack the other teams during the competition.

"They did extremely well. Their day-to-day job is defending networks and 
they did precisely that," Kannabhiran said.

ACERT approached the capture-the-flag contests organized by HITB in 
Dubai and Kuala Lumpur as a training opportunity. Since teams didn't 
know beforehand what skills would be required, such as the ability to 
reverse engineer a software binary, contest participants were forced to 
confront issues outside their comfort zones.

"It keeps us on our toes, it makes us think about stuff," Blackard said. 
"And then we can take that back and teach it to our younger soldiers."


--1457021584-907591435-1191303232=:7837
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com 

--1457021584-907591435-1191303232=:7837--

Site design & layout copyright © 1986-2014 CodeGods