Kewl Ariz then you must have the " high security clearance" ;-)
I can't do that work so I concentrated in system administration got myself exposed in various UNIX flavors. One time I was tasked to do a security audit, run nmap in several system and document which ports are open and analyze if its required by hosted applications. I have to do this carefully, just simple nmap and no further diggings, and ask my manager to cover my ass because networking and security are totally separated and different from sys ad group and they hate if someone snip within. On 5/5/07, Ariz Jacinto <[EMAIL PROTECTED]> wrote:
remember the SPI Amazing Tech Race? i attended and participated on a similar security competition/workshop entitled as Cyber Defense Exercise (CDX) and was conducted last week (on an undisclosed/classified location hehe). it is a yearly exercise among the different military institutions and they're now opening the said event to the public. it's on its second year of trial and tested among students. well as expected, all of us got pwn3d by the west point and NSA guys hehehe. but our team (composed of korean, viet, israeli, noypi) also managed to perform satisfactorily. the setup was a vmnetwork immitating a corporate network (both Windows/Linux servers & workstations) that had already been compromised. here are some of the rules: - all OS,services,softwares are vulnerable (older versions). - you can't apply a patch or perform software updates. - you don't have access to the internet. - you have to maintain the availability of the machines and the ports they're monitoring. - you have to defend the network against the attacks. - all the machines were compromised by a lot of rootkits. - you can't conduct file integrity check since you don't have any reference signatures anyway. - the competition lasted only for 5 hours. (military version lasted for a week). the national competition might materialize next year (in Washington state?). i might just attend as a spectator, harharhar :) perhaps, you can conduct the same on SPI's yearly tech forum? that would definitely be a good security exercise among the staffs. for more info: http://www.itoc.usma.edu/cyberexercises.htm http://www.nsa.gov/releases/relea00103.cfm _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
-- sometimes truth is stranger than fiction -bad religion- http://www.bloglines.com/blog/mailist _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
