[ISN] Security where it counts: "If you can't talk, you can't fight"

From: InfoSec News (alerts@private)
Date: Mon Oct 01 2007 - 22:59:22 PDT


http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9040058

By Sumner Lemon
October 01, 2007 
IDG News Service

For most large companies, an attack that brings down the corporate 
network means millions of dollars in lost revenue and unhappy customers. 
But if the net defenders of the U.S. Army see their network go down or 
their defenses broken, the stakes are significantly higher; the lives of 
soldiers fighting in Iraq and Afghanistan are on the line.

Net defenders are one of several specialties within the 1st Information 
Operations Command's Army Computer Emergency Response Team (ACERT), and 
their job is to maintain and protect the flow of data over the Army's 
network.

"It's all about keeping the quality of service up, keep communications 
up and keep everything going," said Thomas Blackard, a reservist serving 
with ACERT.

"If you can't talk, you can't fight," he said.

Blackard and other members of the 1st Information Operations Command 
took part in the Hack In The Box (HITB) security conference last month 
in Kuala Lumpur, Malaysia, where they attended training sessions and 
competed against hackers in a capture-the-flag contest.

Unwinding with a cold beer on the outdoor terrace of the Le Méridien 
hotel after a day-long training session, Blackard and his colleagues 
explained why the ACERT team came to Kuala Lumpur. "You've got to learn 
ways to build better mousetraps, learn how to defend better, and learn 
new things," he said.

"You can't really defend your network unless you know what's out there. 
Coming to these things you know what's out there, and you can adjust 
your tactics," said Mike Stan, another reservist serving with ACERT.

While Blackard and Stan didn't take part themselves, a three-person 
ACERT team put those tactics to the test at HITB in a capture-the-flag 
contest that drew nine other teams comprised of top hackers from Asia 
and Europe.

The ACERT team, called Army Strong, competed in a similar contest 
organized by HITB earlier this year in Dubai and didn't score any 
points. But the Dubai contest only allowed attacks, not the defensive 
tactics they specialize in.

Under Army doctrine, network defenders cannot respond to an attack on 
their systems with a counterattack. The reasoning behind this policy is 
that hackers are likely to hijack a third-party server to use for an 
attack, and a counterattack against that server could have legal 
repercussions for the Army.

Army Strong got its chance to shine in Kuala Lumpur as the contest rules 
allowed teams to attack and defend their systems.

Teams were given a patched server with customized, hidden exploits that 
connected over a network to a score server and the other teams.

To make things more challenging, all traffic on the network used a 
single IP (Internet Protocol) source address, regardless of whether that 
traffic was a request from the score server or an attack from another 
team -- this prevented teams from using a firewall to block some packets 
and protect their systems.

The goal was to re-create the challenge corporate IT managers face when 
defending their systems against attacks and waiting for a patch to be 
delivered.

"You need to keep the service running even though there is a 
vulnerability," said Dhillon Andrew Kannabhiran, founder and chief 
executive officer of Hack In The Box (M) Sdn. Bhd., which organized the 
conference and contest.

In the end, the Sao Vang team from Vietnam won the two-day contest with 
8,900 points, followed by the WabiSabi Labi Ltd. team with 5,540 points. 
Army Strong came in fifth place with 925 points, but all of its points 
were earned through defense, making them the top defensive team. They 
did not attack the other teams during the competition.

"They did extremely well. Their day-to-day job is defending networks and 
they did precisely that," Kannabhiran said.

ACERT approached the capture-the-flag contests organized by HITB in 
Dubai and Kuala Lumpur as a training opportunity. Since teams didn't 
know beforehand what skills would be required, such as the ability to 
reverse engineer a software binary, contest participants were forced to 
confront issues outside their comfort zones.

"It keeps us on our toes, it makes us think about stuff," Blackard said. 
"And then we can take that back and teach it to our younger soldiers."


