|
| NSA Takes On West Point In Security Exercise |
 |
Mon, 12 May 2008 03:52:29 -050 |
And despite the relative sophistication of the NSA's assaults, the agency
told Wired.com that it had tailored its attacks to be just "a little too
hard for the strongest undergraduate team to deal with, so that we could
distinguish the strongest teams from the weaker ones."
In other words, grasshopper, nice work -- but the NSA is capable of much
craftier network take-downs.
http://www.wired.com/politics/security/news/2008/05/nsa_cyberwargames?currentPag
e=all
|
| Post Reply
|
| Re: NSA Takes On West Point In Security Exercise |
 |
Mon, 12 May 2008 03:58:48 -050 |
"catseyenu" <catn@urdreams.com> wrote in message
news:4828054a$1@APPSERV1.gamewoodapp.net...
>
http://tech.slashdot.org/article.pl?sid=08/05/11/120216
"I was also in the exercise... from the NSA side ;) (I have to post
anonymously). I agree that the article IS very lean on details (as it should
be), and geared toward a somewhat nontechnical audience. I have a different
perspective from what the cadets at the USMA saw, as I experienced it from
the opposition side.
The network directive given out to the academies had stipulation they had to
follow, and a scenario that reflected real world situations (the cadets were
setting up a network that included VMs of computers they HAD to include in
their network). The network directive also had costs associated with
anything the cadets wanted to do. So if they wanted to park a cadet at a
Snort terminal for the duration of the exercise, that had a cost associated
with it, as did setting up VLANS, using IPSEC, other IDS sensors, firewalls,
host/service monitors, etc. Each academy had to submit their network
structure for review and approval prior to STARTEX. The scenario reflects
real world situations that would come up in most operations that involve
other allied nations.
The NSA was strictly there to attack the networks and document any exploits
they succeeded with. I can't go into details as to what our Rules of
Engagement were, but suffice to say that we met with success with every
school that was actually scored (the two graduate schools that participated
were not scored).
The whole goal of the exercise is to prepare the cadets for SECURING a
network against information security threats. It is a DEFENSIVELY ORIENTED
exercise. The cadets don't do any hacking (and I honestly think that unless
a gifted or experienced cadet was at an academy with the skills to do a
network penetration, they would not meet with much success)."
|
| Post Reply
|
|
|
|
|
|
|
|
|
|