http://arstechnica.com/information-technology/2012/10/live-fire-cyberwar-in-a-box-tests-mettle-of-military-it-pros/ By Sean Gallagher Ars Technica Oct 20 2012 In August, a collection of military, government, and nongovernmental humanitarian organizations from 22 countries in the Pacific gathered in Singapore for Pacific Endeavor 2012, a joint exercise to test how quickly and how well they could communicate in the face of a disaster. While the simulated mission was peaceful, some of the participants were put through a separate, more hostile test -- Cyber Endeavor, a full-on "live fire" cyberwarfare exercise focused on "protecting information in a collaborative environment, "with both innocent bystanders and hostile attackers." The battle was fought on a closed "cyber range," a network designed to put network security teams through their paces and expose them to the most up-to-date exploits and attack methods available to hackers in the real world. Using BreakingPoint FireStorm network security testing appliances from Ixia, two teams created test traffic against the "Blue Team" defenders in the exercise. A "Green" team created normal, benign application traffic against the network's infrastructure, and a "Red" team that staged attacks drawn from a library of up-to-date vulnerabilities and exploits, using simulated botnets, real malware, and malformed packets designed to stress network infrastructure. The Defense Department has invested heavily in cyber-ranges, including DARPA's multimillion dollar effort to build a National Cyber Range, a project now in the process of being transferred to U.S. Cyber Command. The NCR's goal was to create a secure, self-contained network facility that could be set up to emulate both internal Defense Department networks and commercial networks for evaluating and certifying cyberdefense tools. And the NCR isn't alone -- there are several other cyber-range facilities operated by other parts of the DOD. The problem, of course, is that those facilities are isolated and physically locked down -- and expensive to operate. They usually require building a load of virtual machines to generate attacks and application traffic, and it takes significant work to create automated traffic that both takes advantage of emerging threats and doesn't give itself away by being too "canned." And if an organization wants to train on the NCR, they'll need to send their cyber-security team to it -- and get proper clearances. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Sun Oct 21 2012 - 23:51:59 PDT
This archive was generated by hypermail 2.2.0 : Sun Oct 21 2012 - 23:46:05 PDT