Wow... They're either getting daring up there in Redmond or they're smoking better stuff than I am. Well, I suppose they may be anticipating a power outage for the duration of this event....
-----Original Message----- July 10, 2002 Security Watch http://mcpmag.com/security/ http://ENTmag.com ================================================================= THIS ISSUE SPONSORED BY: - MCP TechMentor Conf - San Diego - September 3-7 http://www.techmentorevents.com/sandiego/ ================================================================= ----------------------------------------------------------------- In This Special Issue: - The Windows Security Challenge is Live ----------------------------------------------------------------- **The Windows Security Challenge is Live By Keith Ward Welcome to this special edition of Security Watch! I'm at the Elliot Grand Hyatt hotel in downtown Seattle, Washington, site of the MCP TechMentor Summit on Security. We've been spending the day configuring our typical Windows 2000 network for security, using industry experts and standard best practices for hardening. For those of you unable to attend in person, we still want you to join in on the action. Starting at 6 p.m. PST today, we invite you to attack our network -- any part, any time -- until the Windows Challenge ends at midnight tomorrow, July 11. Any kind of attack is welcome; in fact, the more creative and aggressive, the better. Remember, we've got some of the best in the business locking down our network; you'll need to be good to get in. The network includes Windows 2000 and XP desktops, and the following servers: Exchange, IIS, SQL, a file server and two domain controllers. We have a standard DMZ with a PIX firewall facing the Internet, and ISA Server facing the internal network. A diagram of the network is available at http://www.techmentorsummit.com/seattle/overview.asp#. The diagram is at the bottom of the page. We have a Web page with a simple guest book application. One caution: do NOT put sensitive or secret information, such as a password you use on your network, into this application. Remember, people will be trying to access the SQL Server that's holding the data. The URL for the front door of our network is http://www.windowssecuritychallenge.com. Bear in mind that this link won't work until approximately 6 p.m., when the network is activated. Following the conference, we'll be analyzing the Windows Challenge and presenting our findings on successful and unsuccessful attacks, and why they were or weren't successful. It will include packet captures, log files and other information relevant to network security. It'll be an enlightening report, and will eventually be available for purchase on CD-ROM. Please note: Unauthorized intrusions into computer systems are illegal. We expect the conference attendees and participants in this conference and Challenge to behave responsibly and appropriately and to confine their probing and testing to the URL provided for the Windows Security Challenge. Any conference attendee or participant caught attempting to intrude upon, disrupt or otherwise "hack" any URLs not provided for testing purposes will be prosecuted to the full extent of the law. If such activities are observed, it may result in the shut down of the systems provided for this conference, thus depriving all participants of the unique opportunity this conference provides. Sorry about the harsh nature of this notice, but it's important to realize that the purpose of the Windows Challenge is to learn how to protect a network, not to use our event as a springboard to hack other computers or sites. I hope you'll take advantage of this opportunity to attack our Windows Challenge network. Bring your friends in on a coordinated attack; see if you can outwit our experts. Happy hacking! Keith Ward Program Director MCP TechMentor Summit on Security mailto:[EMAIL PROTECTED] <Joke of a Security Bulletin SNIP> _______________________________________________ Linux-users mailing list - http://linux-sxs.org/mailman/listinfo/linux-users Subscribe/Unsubscribe info, Archives,and Digests are located at the above URL.
