Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Takes On West Point In Security Exercise

Posted by Soulskill on from the with-friends-like-these dept.

Wired is running a story about a recent security exercise in which the NSA attacked networks set up by various US military academies. The Army's network scored the highest, put together using Linux and FreeBSD by cadets at West Point. Quoting: "Even with a solid network design and passable software choices, there was an element of intuitiveness required to defend against the NSA, especially once it became clear the agency was using minor, and perhaps somewhat obvious, attacks to screen for sneakier, more serious ones. 'One of the challenges was when they see a scan, deciding if this is it, or if it's a cover,' says [instructor Eric] Dean. Spotting 'cover' attacks meant thinking like the NSA -- something Dean says the cadets did quite well. 'I was surprised at their creativity.' Legal limitations were a surprising obstacle to a realistic exercise. Ideally, the teams would be allowed to attack other schools' networks while also defending their own. But only the NSA, with its arsenal of waivers, loopholes, special authorizations (and heaven knows what else) is allowed to take down a U.S. network."

7 of 140 comments (clear)

  1. Re:What's with the fearmongering? by SoapBox17 · · Score: 4, Informative

    According to wikipedia, "The National Security Agency/Central Security Service (NSA/CSS) is a cryptologic intelligence agency of the United States government, administered under the U.S. Department of Defense. " and "The Department includes the Army, Navy, Air Force, Marine Corps, as well as non-combat agencies such as the National Security Agency and the Defense Intelligence Agency."

    Under Secretary of Defense for Intelligence
    * Defense Intelligence Agency
    * Defense Security Service
    * Counterintelligence Field Activity
    * National Geospatial-Intelligence Agency
    * National Reconnaissance Office
    * National Security Agency


  2. I was in the exercise... by Anonymous Coward · · Score: 5, Informative

    I was actually part of the exercise, and I would agree that the article is very vague. The main purpose of the exercise was to help cadets learn best security practices of building a network. There were required services we had to run, such as exchange, a web server, DNS, active directory, and a jabber messaging server. The rootkit they speak of was on the box because the other part of the exercise was trying to secure untrusted computers. They riddled two Windows VMs and one Linux VM with as much stuff as they could, and the told us to secure them. Naturally we missed some things, which allowed the callback to go out.

    As for the 'custom tools', I have no idea what they are talking about. We used native Windows logging and a few open source programs to pull logs to a log server, but that was about it for extra programs. I would agree that the article was written for the non-technical person, but those are the kinda of questions they were asking us when the reporter was here.

    1. Re:I was in the exercise... by Anonymous Coward · · Score: 5, Informative

      I was also in the exercise... from the NSA side ;) (I have to post anonymously). I agree that the article IS very lean on details (as it should be), and geared toward a somewhat nontechnical audience. I have a different perspective from what the cadets at the USMA saw, as I experienced it from the opposition side.

      The network directive given out to the academies had stipulation they had to follow, and a scenario that reflected real world situations (the cadets were setting up a network that included VMs of computers they HAD to include in their network). The network directive also had costs associated with anything the cadets wanted to do. So if they wanted to park a cadet at a Snort terminal for the duration of the exercise, that had a cost associated with it, as did setting up VLANS, using IPSEC, other IDS sensors, firewalls, host/service monitors, etc. Each academy had to submit their network structure for review and approval prior to STARTEX. The scenario reflects real world situations that would come up in most operations that involve other allied nations.

      The NSA was strictly there to attack the networks and document any exploits they succeeded with. I can't go into details as to what our Rules of Engagement were, but suffice to say that we met with success with every school that was actually scored (the two graduate schools that participated were not scored).

      The whole goal of the exercise is to prepare the cadets for SECURING a network against information security threats. It is a DEFENSIVELY ORIENTED exercise. The cadets don't do any hacking (and I honestly think that unless a gifted or experienced cadet was at an academy with the skills to do a network penetration, they would not meet with much success).

  3. Re:West Point Club by Pinbll · · Score: 5, Informative

    Although SIGSAC was involved, this was done for the Information Assurance class that is taught by the CS department there. This was the culminating exercise. The course teaches security practices, and gives cadets a look into why it is important to program securely.

  4. Re:Curious by Pinb4ll · · Score: 4, Informative

    The tools we used were Nagios for service verification on an external computer (just to make sure we saw what the scorers saw, so we didn't lose points due to their slow network) and one box running Snort through a one way cable. We weren't allowed to let Snort block things, but it let us know who was doing what, allowing us to send up a request to the graders to block the IP. As for checking the untrusted boxes, we were able to run whatever we wanted on them. The root kit that we missed we simply didn't find in the mess of everything else.

  5. Re:Rules? by Pinb4ll · · Score: 3, Informative

    It all came down to the scenario. Built into the game was a notional 'cost' for different network items, making certain items prohibitively expensive. It mainly came down to the semantics of the rules, but the costs were going to be looked at for next year. The overall effect was eliminating the use of some best practices simply because of cost.

  6. Re:Rootkit is payload... by Stickney · · Score: 4, Informative

    "Fedora Core 8 Web server", I'm guessing the Windows system was being run by one of the other teams.
    Yes, we ran a Fedora 8 LAMP server, but we were also required to run a Windows domain controller, an exchange server, and a Windows DNS server, along with two XP user workstations. The rest of our network, to including logging, traffic monitoring, and XMPP services, ran on FreeBSD (our choice). You're right though; not many of the reporters grasped much of what was going on.
    --
    ...the right of the people to keep and bear arms, shall not be infringed.