competitive cyber security
DESCRIPTION
The truth is incidents will happened and systems will get compromised. You need to be an expert on how to handle these incidents. The best way to learn is through experience, such as the Collegiate Cyber Defense Competition.TRANSCRIPT
![Page 1: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/1.jpg)
Tom Kopchak
Competitive Cyber Security:The Ultimate Training
Experience
![Page 2: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/2.jpg)
•Who Am I?
•Why Am I here, and what got me here?
•Why I am passionate about computer security?
About the Presenter - Who am I?
![Page 3: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/3.jpg)
How many of you have experienced a cyber-attack?
![Page 4: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/4.jpg)
System intrusion?
![Page 5: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/5.jpg)
Malware Infestation?
![Page 6: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/6.jpg)
Rushed project?
![Page 7: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/7.jpg)
Mysterious network?
![Page 8: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/8.jpg)
•Hopefully, most of you can relate to several of these scenarios
•If you have not experienced anything, at least some of you are lying, misinformed, or new
•If you aren't worried about attacks, why are you here?
Cyber-Attacks!
![Page 9: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/9.jpg)
•Incidents will happen
•Systems will be compromised
•Applications need to both work and be secure
•People will break things
•You will need to be an expert on something you've never seen before
Truths
![Page 10: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/10.jpg)
Top Skills•Fundamental understanding of security concepts
•Technical skills
•Direct experience
![Page 11: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/11.jpg)
•Personal experience/on your own
•Technology-specific training
•Formal education
How do I get skills?
![Page 12: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/12.jpg)
•Nothing beats practical experience
•How do you get practical experience?
•Production systems
•Personal equipment
•Labs
•Simulated production systems
Practical
![Page 13: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/13.jpg)
•Hands on, practical experience
•Simulated Production systems
•Types
•Defense
•Attack
•Attack/Defend
Competitive Security Events
![Page 14: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/14.jpg)
Collegiate Cyber Defense Competition (CCDC)
![Page 15: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/15.jpg)
•National Collegiate Cyber Security Competition
•Focuses on both business and technical aspects
Collegiate Cyber Defense Competition (CCDC)
![Page 16: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/16.jpg)
• Pre-qualifying (state) events
• Regional events
• Growing every year
• Winner goes to national competition
• National Competition
• San Antonio, Texas
• Top 9 teams in the nation
Competition Structure
![Page 17: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/17.jpg)
• Competing teams have just been hired as the IT staff for a company• Everyone was fired
• Teams must secure their network, while completing a multitude of business tasks (injects)
• Red team = bad guys
Competition Premise
![Page 18: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/18.jpg)
• DNS
• Mail (SMTP and POP)
• Web
• Secure Web (ecommerce)
• FTP
• Database
• SSH
• VoIP
What types of applications?
![Page 19: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/19.jpg)
• Cisco IOS (Router, Switch, ASA)
• Windows
• Linux
• MacOS
• Printers
• VoIP Phones
• Wireless
What types of systems?
![Page 20: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/20.jpg)
• Investigate a database breach
• Deploy McAfee security software
• Upgrade clients to Windows 7
• Provide a list of top attacking IPs
• Install and configure Splunk
Potential Injects - Technical
![Page 21: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/21.jpg)
• Block social networking websites
• Develop an IT policy
• Create user accounts
• Recover lost e-mail
• Create a job description for HR
Potential Injects - Business
![Page 22: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/22.jpg)
• Unplug everything, secure it, and bring it back online
• Services are not available
• Customers are not happy
• Mitigate security issues while keeping services alive
• The red team is everywhere
• Run away, crying
Potential Strategies – Day One
![Page 23: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/23.jpg)
• Number of issues/systems/tasks greater than available manpower
• Unexpected difficulties/limitations/business rules and policies
• Uptime & SLA requirements
Challenges
![Page 24: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/24.jpg)
EMC Training Center: Franklin, MassachusettsTopology – 2011 Regionals
![Page 25: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/25.jpg)
![Page 26: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/26.jpg)
Topology - 2011 NationalsSan Antonio, Texas
![Page 27: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/27.jpg)
![Page 28: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/28.jpg)
•Storytime with Tom (time permitting)
•CCDC experiences
•Red team attacks
•Strange tasks
Personal Experiences
![Page 29: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/29.jpg)
•CCDC = NCAA of Computer Security
•US Cyber Challenge
•Private Events
• RIT Information Technology Talent Search (ISTS)
• Hurricane Labs Hackademic Challenge
• Hack for Hunger
But wait, there's more!
![Page 30: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/30.jpg)
•Many opportunities/needs exist
•Gain experience yourself, and help others get involved
Get involved, and encourage others!
![Page 31: Competitive Cyber Security](https://reader035.vdocument.in/reader035/viewer/2022062514/55897575d8b42a896d8b45cc/html5/thumbnails/31.jpg)
Wrap Up/QA