http://www.theinquirer.net/?article=17505

By Doug Mohney
28 July 2004

A WEEK before the 2004 Cyber Defense Exercise (CDX) kicked off in April, the National Security Agency abruptly asked the participating military service academies to close off the event to the public and the media for "operational concerns."

What did "operational concerns" mean? NSA's public affairs office failed to respond via e-mail. Of course, NSA had problems sending e-mail to my primary e-mail account in the first place, so I'm not sure if the response went into a top-secret black hole or I was just ignored.

Each academy ultimately made its own call, with Army's West Point and the little-heralded United States Merchant Marine Academy (USMMA) choosing to keep their doors open. Perhaps unsurprisingly, USMMA and West Point placed first and second in the CDX contest.

The NSA's request was an about-face for an event that had been open and widely promoted by West Point over the last two years. Since the exercise was designed to be unclassified from the ground up, "Red Team" attackers from the NSA and the Air Force's 92nd Aggressor Squadron were permitted to use only publicly known security exploits and not any classified "zero-day" techniques.

CDX is designed to be a defense exercise, the most realistic scenario a military IT officer is going to face in the real world. Each participating team is tasked with setting up and operating a core set of services, keeping them operational in the face of Red Team attacks. The underdog winners at USMMA set up and operated a combination of Windows 2000, XP, and Linux Mandrake machines to resist the best unclassified attacks the U.S. cyberwarfare establishment could dish out. After all, the Red Team - or people just like them - were the folks that wrought havoc on Saddam Hussein's networks, monitoring communications and pulling such tricks as sending e-mail to senior Iraqi military commanders asking them to surrender. Maybe sanctions had kept Saddam's people from getting the latest Microsoft security patches, but nobody's saying.

USMMA's team used Windows 2000 Advanced Server with Service Pack 4 to run Active Directory, the primary domain controller, e-mail (Exchange Server 2000 with SP3), the mail relay, the LRA (Local Registration Authority, used to issue DoD public key encryption certificates), and web services on IIS 5.0. Workstations ran Windows 2000 Professional with SP1. A video conferencing station used Windows XP because the web camera being used was more stable under that OS. Finally, the heavy network lifting was done with Linux Mandrake 10.0, including the primary firewall and router, the backup firewall, external DNS, and the IDS. Needless to say, all the latest security patches were loaded and applied.

However, USMMA Midshipman Allen Hsiao admits they tweaked things a little within the exercise guidelines. Workstations were locked down to the point where end users could only run Outlook, Internet Explorer, and Notepad, with options further tightened down in each of those programs. End users could not save files to any storage medium except a floppy disk or a USB drive. "In a normal, real world network, end users normally require much more functionality from their workstation," said Hsiao.

_________________________________________
Help InfoSec News with a donation: http://www.c4i.org/donation.html
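One way to enforce an "only Outlook, Internet Explorer, and Notepad" restriction of the kind Hsiao describes, as an added illustration rather than the USMMA team's own configuration (the article does not say how they built theirs): the Explorer "Run only allowed Windows applications" policy from the Windows 2000-era Group Policy set, written directly to the registry with PowerShell. The key paths are the documented policy locations for that setting; the three-entry allow list and the assumption that the script runs inside the restricted user's own profile (HKCU) are mine.

```powershell
# Added example, not the USMMA team's configuration. Populates the per-user
# "Run only allowed Windows applications" policy so that the Windows shell
# will launch only the executables named in the allow list.
# Assumption: this runs in the profile of the user being restricted (HKCU),
# and the allowed programs are the three the article mentions.

$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$allowKey  = Join-Path $policyKey 'RestrictRun'

# The policy matches on executable file name only, not on path or hash.
$allowed = @('outlook.exe', 'iexplore.exe', 'notepad.exe')

New-Item -Path $policyKey -Force | Out-Null
New-Item -Path $allowKey  -Force | Out-Null

# Remove any earlier entries so the effective list is exactly what we declare.
$existing = (Get-Item -Path $allowKey).Property
foreach ($name in $existing) {
    Remove-ItemProperty -Path $allowKey -Name $name
}

# Entries are string values named "1", "2", ... whose data is the file name.
$index = 1
foreach ($exe in $allowed) {
    New-ItemProperty -Path $allowKey -Name $index -Value $exe -PropertyType String -Force | Out-Null
    $index++
}

# Switch the restriction on; Explorer now refuses to start anything not listed.
New-ItemProperty -Path $policyKey -Name 'RestrictRun' -Value 1 -PropertyType DWord -Force | Out-Null

# Read back what was written so the change can be checked before the user
# logs off and on again to pick up the policy.
Get-ItemProperty -Path $policyKey -Name 'RestrictRun'
Get-ItemProperty -Path $allowKey
```

The caveat a defender should keep in mind is that this policy is enforced by the shell, not by the kernel: it blocks launches from the Start menu, desktop and Explorer windows, but a process started by some other already-running program is not subject to it, and it does nothing about where files may be saved. That gap is why later Windows releases added Software Restriction Policies and AppLocker for genuine application allow-listing; in a Windows 2000 environment such as the one in the article, this setting is a hardening layer to combine with tightened per-application options, not a complete control on its own.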
This archive was generated by hypermail 2.1.3 : Thu Jul 29 2004 - 00:26:09 PDT