remember the SPI Amazing Tech Race? i attended and participated on a similar security competition/workshop entitled as Cyber Defense Exercise (CDX) and was conducted last week (on an undisclosed/classified location hehe). it is a yearly exercise among the different military institutions and they're now opening the said event to the public. it's on its second year of trial and tested among students.
well as expected, all of us got pwn3d by the west point and NSA guys hehehe. but our team (composed of korean, viet, israeli, noypi) also managed to perform satisfactorily. the setup was a vmnetwork immitating a corporate network (both Windows/Linux servers & workstations) that had already been compromised. here are some of the rules: - all OS,services,softwares are vulnerable (older versions). - you can't apply a patch or perform software updates. - you don't have access to the internet. - you have to maintain the availability of the machines and the ports they're monitoring. - you have to defend the network against the attacks. - all the machines were compromised by a lot of rootkits. - you can't conduct file integrity check since you don't have any reference signatures anyway. - the competition lasted only for 5 hours. (military version lasted for a week). the national competition might materialize next year (in Washington state?). i might just attend as a spectator, harharhar :) perhaps, you can conduct the same on SPI's yearly tech forum? that would definitely be a good security exercise among the staffs. for more info: http://www.itoc.usma.edu/cyberexercises.htm http://www.nsa.gov/releases/relea00103.cfm
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
