Pacific Rim Collegiate Cyber Defense Competition

  1. Pacific Rim Collegiate Cyber Defense Competition

    CCDC Team: Lee VanGundy, Nate Krussel, Theora Rice, Morgan Weir, Scott Amack, Jason Fletcher, Maxine Major, Travis Marquis
  2. Overview
    - Competition
      - When
      - How it works
    - Competition Plan
      - Beginning
      - During the Competition
    - Individual Presentations
    - CCDC Team
  3. PRCCDC
    - March 23 & 24, 2013
    - Pre-Qualification Cancelled
    - Winner of Regional Goes to Nationals
  4. Rules/How the Competition Works
    - Basic Scenario: IT services for a company
    - Must maintain services designated by the White team
    - Don’t hack the other teams (including Red)
    - Complete Business Injects
  5. Rules/How the Competition Works
    - First Day
      - Bring your network up to standards
      - Red team installs back doors
    - Second Day
      - Try to stay live
      - Red team breaks anything and everything
  6. Competition Plan
    - First Hour or Two: Setup
    - Rest of the Competition: Business Injects
  7. Beginning
    - Disconnect Network
    - Harden Machines
      - Servers
      - Workstations
      - Multiple servers on one machine?
    - IDS
    - Bring Network back online
  8. Rest of the Competition
    - Business Injects
      - Delegated by: experience, time available
    - Maintain Network
    - Incident Reports
  9. Cisco Router and Switch

    Security and Network Communication Configurations (Trevor)
  10. Switch & Router (Trevor)
    - Disable remote access to devices (Telnet & SSH)
    - Disable HTTP(S) servers
    - Enable secret passwords (encryption)
    - Install ACLs to secure access to specific networks & devices
  11. Switch (Trevor)
    - Configure storm control protection
    - Configure ARP spoofing protection
    - Set up VLANs to segregate hostile from trusted networks
    - Block untrusted ports from broadcasting and multicasting packets through the network
  12. Router (Trevor)
    - Set up routing based upon network segments and subnets, and to reach the internet
    - Configure inter-VLAN routing based upon the IP subnets given to our team
    - Protect against packet fragments, spoofed IPs and MACs
  13. Forms, Presentations, Policy and a little bit of Snort

    Theora
  14. Forms (Theora)
    - Two Forms: Business Inject, Incident Response
    - Specify information needed
    - Organization
    - Future Planning
  15. Policy and Presentations (Theora)
    - Policy
      - Reviewing: policy challenges from last year
      - Planning: collecting possible examples/dictionary for binder
    - Presentations
      - Reviewing: remembering advice from last year; more pictures and technical descriptions
      - Planning: keeping on top of current technology trends
  16. Intrusion Detection System (Theora)
    - Backtrack 4-5R3 all come with Snort
    - Practice
      - Configured Snort to run on Backtrack in Proton
      - Changing the .config file
      - Conducted some beginning tests
      - Reviewing default rules
  17. BASE

    Basic Analysis and Security Engine (Jason)
  18. Front-End Analysis for Snort (Jason)
    - Graphical Representation of Traffic/Alerts
    - Can Search Alerts
    - Quick Analysis of Results
  19. Graphical Representation (Jason)
  20. Searching (Jason)
  21. Analysis (Jason)
  22. Setup – Requirements (Jason)
    - ADOdb: Database Abstraction Library for PHP
    - MySQL (make sure Snort is configured to use it)
  23. Setup (Jason)
    - Move ADOdb: mv adodb /var/www
    - Move BASE and chmod the folder to 757 (allows BASE to write the setup file)
    - Open a web browser and go to the BASE Setup page
  24. Setup page (Jason)
  25. Finishing (Jason)
    - Enter ADOdb path (/var/www/adodb)
    - Enter MySQL info (user name, password, etc.)
    - Enter Authentication Information
  26. Optional – Graphs (Jason)
    - Install PHP extensions:
      pear install Image_Color
      pear install Image_Canvas-alpha
      pear install Image_Graph-alpha
  27. Software to Use (Morgan)
    - BitDefender (Workstations)
    - ClamAV (Servers)
    - Rkhunter, chkrootkit (Linux Servers)
  28. OS Hardening (Morgan)
    - Windows
      - Disabling remote desktop
      - Rotating passwords
      - Etc.
    - Linux
      - Disabling root account
      - Change ssh port
      - Etc.
  29. General OS Hardening (Scott)
    - Binders
      - Server setup
      - Other information for all tasks
    - Step-by-step setup for server devices
      - Hardening Ubuntu Guide.doc
      - Hardening Windows Guide.doc
  30. WordPress

    And all the stuff it affects (Maxine)
  31. Goal (Maxine)
    - Identify specific weaknesses
      - WordPress internals
      - Integrated systems (MySQL, phpMyAdmin, Apache)
    - Create guide for initial hardening
      - First 20 min / First 60 min
      - Maintenance / special case vulnerabilities
    - Documentation for potential business scenarios (plugins / widgets)
  32. WordPress Weaknesses (Maxine)
    - Majority of reported vulnerabilities are XSS.
    - Metasploit:
      - CVE-2005-2612 WordPress cache_lastpostdate Arbitrary Code Execution
      - CVE-2009-2335 WordPress Brute Force and User Enumeration Utility
    - http://www.cvedetails.com/product/4096/Wordpress-Wordpress.html?vendor_id=2337
  33. WordPress Hardening (Maxine)
    - Current Version
      - Current version is 3.5.1 (Dec 2012)
      - Upgrading is ideal, but time consuming. Old versions are not patched.
    - Common sense: clean up unused plugins, user accounts, etc.
    - Limit login attempts
    - Delete Admin login: log in -> create new user with admin privileges -> log in with new user -> delete admin.
    - Permissions – change recursively:
      For directories: find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;
      For files: find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;
    - Move wp-config.php outside web root. Change permissions to 600.
    - WP implemented security keys: random salt generator
    - wp_ prefixes: all WordPress database tables are prefixed with wp_. Change (complicated)
  34. WordPress Hardening (Maxine)
    - Enable SSL (wp-config.php)
    - Disallow bots (robots.txt in root)
    - Advanced rules in .htaccess
    - Delete readme (can be used for fingerprinting)
    - Additional hardening:
      - Limit admin/user access by IP
      - Hide hard URL (use relative)
      - Deny bad query strings (script in .htaccess)
      - Delete MySQL “test” database (and any other associated unused DBs or users)
      - Fingerprint source code / header removal
      - PHP intrusion detection (PHPIDS, Mute Screamer)
  35. Plugins (Maxine)
    - Benefits of security-enhancing plugins, e.g.:
      - BulletProof Security: XSS, RFI, CRLF, CSRF, Base64, code injection and SQL
      - Vulnerability scanners: Anti-Malware, Exploit Scanner, Security Ninja Lite
      - Monitoring plugins: 5-minute stat reporting through Verelo
    - ... and potential problems, e.g.:
      - W3 Total Cache (W3TC) plugin flaw leaves directories exposed & data vulnerable to brute force cracking
      - Google Document Embedder: weakness of arbitrary file disclosure
      - Older versions of WordPress have long-running vulnerabilities (e.g. prior to 2.8.1, failed login attempts validate usernames)
    - Goal: identify tested & trusted plugins to minimize searching at competition time.
    - “Free WordPress Themes” IS A BAD IDEA. 8/10 had malware. Get plugins only from the WP repository.
  36. Business Scenarios (Maxine)
    - Last year, a business inject requested live tech support.
    - Additional plugins/widgets:
      - Ratings modules
      - Sitemap
      - Google maps
      - eCommerce & shopping carts: PayPal, etc.
      - Retweeting / liking / sharing
      - Registration / membership
      - Redesign
    - (Most of these are easy to find at http://wordpress.org/extend/plugins/)
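As an added example (not from the slides or the team's binder), a POSIX shell script that applies the file-system steps from slides 33 and 34 to one install and then audits the result: recursive 755/644 permissions, wp-config.php moved one level above the web root with mode 600, and readme.html removed. The install-path argument and the names harden_wp and audit_wp are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the slides): file-system hardening for a WordPress
# install, following slides 33 and 34. Assumes POSIX sh and find(1).
# harden_wp and audit_wp are hypothetical names chosen for this example.

harden_wp() {
  wp="$1"                                   # path to the WordPress install
  [ -d "$wp" ] || return 1
  # Slide 33: directories 755, files 644, applied recursively
  find "$wp" -type d -exec chmod 755 {} \;
  find "$wp" -type f -exec chmod 644 {} \;
  # Slide 33: move wp-config.php one level above the web root (WordPress
  # checks the parent directory itself) and make it owner-only (600).
  # Note: with 600 the web-server user must own the file to read it.
  if [ -f "$wp/wp-config.php" ]; then
    mv "$wp/wp-config.php" "$wp/../wp-config.php"
  fi
  if [ -f "$wp/../wp-config.php" ]; then
    chmod 600 "$wp/../wp-config.php"
  fi
  # Slide 34: readme.html states the exact version, useful for fingerprinting
  rm -f "$wp/readme.html"
  return 0
}

# Returns 0 when every check passes; otherwise prints the first failing
# check and returns 1, so it can gate a later deployment step.
audit_wp() {
  wp="$1"
  if find "$wp" -type d ! -perm 755 | grep -q .; then
    echo "directories with mode other than 755"; return 1
  fi
  if find "$wp" -type f ! -perm 644 | grep -q .; then
    echo "files with mode other than 644"; return 1
  fi
  if [ -e "$wp/wp-config.php" ]; then
    echo "wp-config.php still inside the web root"; return 1
  fi
  if ! find "$wp/../wp-config.php" -perm 600 2>/dev/null | grep -q .; then
    echo "wp-config.php missing above web root or not mode 600"; return 1
  fi
  if [ -e "$wp/readme.html" ]; then
    echo "readme.html present"; return 1
  fi
  return 0
}

# Usage: harden_wp /var/www/wordpress && audit_wp /var/www/wordpress
```

Run the audit again after any business inject that adds plugins or uploads, since new files arrive with whatever mode the uploading process used.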
  37. Domain Controller

    Nate
  38. DC - Group Policy (Nate)
    - Learn to deploy group policies quicker
    - Look at group policies from last year
    - Pre-write GPOs
    - Find popular GPOs to reduce exploits
  39. DC - Hardening (Nate)
    - Get large amounts of patches
    - Discover tips for DC hardening
    - Production Server requirements
    - NIST Windows Server hardening
  40. DC - Business Injects (Nate)
    - Create a VPN quickly and efficiently
    - Look at past injects to see what was required
    - Learn to do these fast to reduce time
    - User management: least privilege