http://www.theday.com/eng/web/news/re.aspx?re=9400778c-9d6b-4ffa-86a6-01edf6d4280c By ROBERT A. HAMILTON Day Staff Writer Navy/Defense/Electric Boat Published on 4/13/2005 New London - The computer screen was displaying such dire warnings as "ICMP Destination Unreachable Fragmentation needed and DF bit was set." Well, it's a dire warning if you speak computer. "You can tell we're under attack now because the network is so slow," Lt. Cmdr. Joseph Staier, assistant dean of the Coast Guard Academy, said Tuesday, his gleeful demeanor belying what seemed an evil intent. "They're probing us, trying to find our weaknesses." It was Day Two of a four-day Cyber Defense Exercise, in which a "Red Team" from the National Security Agency, with assistance from some of the top computer experts from the Army, the Air Force and other agencies, is trying to hack networks set up by students at the nation's five military academies. On the second floor of Coast Guard Academy's McAllister Hall, 21 cadets, including three international students, were rushing from screen to screen, monitoring what will be increasingly sophisticated hacking attempts through Thursday night. Web cameras keep the students in touch with their counterparts at the Air Force, Naval and Merchant Marine academies and the U.S. Military Academy at West Point, each waiting to see who will fall first. Each team gets the same hardware, and they can only use free software such as Linux, an operating system that does the job of Windows. The academy team is running intrusion detection software that includes Snort, which records tiny packets of information coming onto the network, and Base, which looks through those packets for the "fingerprints" of a hacker. "I can make a perfectly safe system," Staier said. "You turn the computer off and lock it in a safe. That's secure. But it's not very usable." Conversely, you can just plug the computer into the Internet with no safeguards, and you can access your data from anywhere in the world - but so can everyone else. "The idea is to teach them the balancing act between security and usability," Staier said. And it's an important question for the Coast Guard, as it is for all military services, he said. If you're sending operational orders via e-mail, you don't want the bad guys reading them. For the last three years, the Coast Guard cadets have beaten their counterparts at the Naval Academy, though they have one-third the number of players and no computer science major. "You'd like to win, of course, but as long as you beat Navy ..." Staier observed with a grin. The computers are stacked on desks along the wall. In the center of the room, a large table holds bottles of iced tea, cans of Mug root beer, a largely untouched bin of salad and empty containers of French fries and chicken nuggets. The box of Nature Valley granola bars is still full, but the Pringles and Goldfish are disappearing. Most of the cadets have been working almost nonstop since Monday morning. "This is a real trial by fire," said Cadet 1st Class Roger Nurse of Guyana, who had no experience in network administration before this week. He said it's a struggle to pull himself away for classes, because he doesn't want one of his systems to be the first one to fall to the cyber-intruders. Cadet 1st Class Matt Kempe of Tustin, Calif., said he has already learned a lot from the exercise. "I learned starting a network from scratch is a lot of work, and sleep is a luxury network administrators can't afford," Kempe said with a chuckle. "I have a new appreciation for IS (information services) staff." But Cadet 1st Class Roland "Tim" Orr of Fayetteville, N.C., said all the work is worth it when you feel the rush of foiling an attack. "When it works, it's like, "Wow, everything came together,' " Orr said. _________________________________________ Network Security - http://www.auditmypc.com Free vulnerability test - How secure is your computer?
This archive was generated by hypermail 2.1.3 : Thu Apr 14 2005 - 11:44:10 PDT