8/7/2019 Defcon Defending Red Team
1/19
Asymmetric Defense
How to Fight Off the NSA Red Team with Five People or Less
Efstratios L. Gavas
Department of Marine Transportation
United States Merchant Marine Academy
DEFCON 17
Outline
Introduction
What is the Point?
About the USMMA
About the CDX
Network Design
Overview of Network Design
Quick Guides
Operating Systems
Tools
Network
Application Servers
FreeBSD
Introduction
What is the Point?
Who should listen?
These are not solutions for everyone
Small shops with smaller budgets
Limited resources
Unreasonable expectations
What I hope you take away
Simplicity is the only way to save yourself
If you don't understand it, it is not secure!
Don't be afraid of your system
About the USMMA
What is the USMMA?
No, they are not Marines (mostly)
Established to train merchant marine officers
Part of the Department of Transportation
The folks that operate those HUGE ships
Smallest of the five US undergraduate service academies
The one you have not heard of
Things they are NOT: Navy, Coast Guard, Marines, normal . . .
They may become one of the above (except normal)
About the CDX
What is the CDX?
A week-long, annual information security event for students from various military institutions
Air Force Institute of Technology (AFIT)
Naval Postgraduate School (NPS)
Royal Military College of Canada (RMC)
United States Air Force Academy (USAFA)
United States Coast Guard Academy (USCGA)
United States Merchant Marine Academy (USMMA)
United States Military Academy (USMA)
United States Naval Academy (USNA)
Each team is given a mock budget to secure a poorly configured/compromised network
Email, Instant Messaging, Database and Web Servers, Workstations, and a Domain Controller
Administer the network while under live attacks from the NSA Red Team
Deal with exercise injects
Forensics, help-desk requests, DNS and network reconfigurations
Reporting requirements
Network Design
Overview of Network Design
Review of USMMA Network Design
Keep It Simple Sailor
How They Came to the Design
Cost Trade-Offs
Administrative Trade-Offs
Monitoring Trade-Offs
Mistakes Made
Last Minute Course Corrections
Quick Guides
Operating Systems
Learn multiple OSes
Variety is good
Lots of OSes for lots of different jobs
Ubuntu, FreeBSD, OpenBSD, Solaris, MacOS, DSL . . .
Look at the NSA guides for some secure configuration
www.nsa.gov/ia/guidance/security_configuration_guides/
Learn about multiple OSes
But you can't forget about Windows
Use Group Policies
Don't get carried away with Group Policies
Vista is OK . . . for security
Tools
A Simple Tool is a Useful Tool
SysInternals
Firewall/IDS: Internal Firewall, Core Force
Anti-virus Scanner: Ad-Aware, AVG (don't go scan crazy)
Pass-phrases vs passwords
Network
Layout of the Network
Logical and Physical
VLANs, or real LANs
This option exists for small networks
Firewall/Gateway Applications
Survey of Firewall/Gateway Applications
m0n0wall
IPCop
Untangle
pfSense
Application Servers
Application Server Tools
Survey of Application Server Tools
eBox
Webmin
Untangle
FreeBSD
Don't be Afraid of FreeBSD
Boris Kochergin teaching us how to fish...
Using FreeBSD for routing
FreeBSD vs m0n0wall NAT
VLANs
pf ANDipfw
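As an added illustration of the FreeBSD router role sketched on this slide (NAT plus VLANs behind pf), here is a minimal default-deny pf.conf. It is not the USMMA team's configuration and not from the talk; the interface names (em0 WAN, em1 VLAN trunk), VLAN IDs 10 and 20, the 10.10.0.0/24 and 10.20.0.0/24 ranges, the server addresses and the admin workstation address are all constructed assumptions. The rc.conf lines that create the VLAN interfaces are shown in the leading comment so the file is usable on its own.

```pf
# Added example (not from the talk): minimal default-deny pf.conf for a FreeBSD
# box routing and NATing two VLANs carried on one trunk interface.
# All interface names, VLAN IDs and addresses below are constructed assumptions.
#
# Assumed /etc/rc.conf (FreeBSD) that goes with this file:
#   gateway_enable="YES"
#   pf_enable="YES"
#   pflog_enable="YES"
#   cloned_interfaces="vlan10 vlan20"
#   ifconfig_em0="DHCP"                                        # WAN uplink
#   ifconfig_vlan10="inet 10.10.0.1/24 vlan 10 vlandev em1"    # server VLAN
#   ifconfig_vlan20="inet 10.20.0.1/24 vlan 20 vlandev em1"    # workstation VLAN

ext_if  = "em0"
srv_if  = "vlan10"
wks_if  = "vlan20"
srv_net = "10.10.0.0/24"
wks_net = "10.20.0.0/24"

# Constructed addresses for the exercise-style services
web_srv    = "10.10.0.10"
mail_srv   = "10.10.0.11"
admin_host = "10.20.0.50"      # the one workstation allowed to SSH to servers

# All internal ranges in one table, so "not internal" means "the Internet"
table <internal> const { 10.10.0.0/24, 10.20.0.0/24 }

set skip on lo0
set block-policy drop
scrub in all

# Outbound NAT for both VLANs behind whatever address the WAN currently has
nat on $ext_if from <internal> to any -> ($ext_if)

# Inbound port forwards to the server VLAN
rdr on $ext_if proto tcp from any to ($ext_if) port { 80, 443 } -> $web_srv
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> $mail_srv

# Default deny inbound, logged to pflog0 so surprises are visible;
# anything that is allowed in is then allowed out by state
block in log all
pass out all keep state

# Drop packets whose source address does not belong on the arriving interface
antispoof quick for { $ext_if, $srv_if, $wks_if }

# After rdr the destination is the server, so the pass rule names the server
pass in on $ext_if proto tcp to $web_srv port { 80, 443 } flags S/SA keep state
pass in on $ext_if proto tcp to $mail_srv port 25 flags S/SA keep state

# Workstations reach servers only on the services they need (web, SMTP, IMAP,
# Jabber, DNS); servers get no rule to initiate connections toward workstations
pass in on $wks_if proto tcp from $wks_net to $srv_net port { 80, 443, 25, 143, 5222 } keep state
pass in on $wks_if proto udp from $wks_net to $srv_net port 53 keep state
pass in on $wks_if proto tcp from $admin_host to $srv_net port 22 keep state

# Both VLANs may reach the Internet, but not each other except as allowed above
pass in on { $srv_if, $wks_if } from <internal> to ! <internal> keep state
```

Load it with `pfctl -nf /etc/pf.conf` first (parse only), then `pfctl -f /etc/pf.conf`; `tcpdump -n -e -ttt -i pflog0` shows what the `block log` rule is dropping, which is the cheapest IDS a small team gets for free.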
Using FreeBSD for Application Servers
FreeBSD vs eBox
Email
Webserver
Database
Jabber
Summary
With a small team, and a limited budget, simplicity is critical.
Use the simplest possible security, but no simpler.
Remember, if you don't understand it, it is not secure! Security is about exploration. Jump in, and don't panic.
Final Words
If you hack boats, or students, contact me (gavase{at}usmma[.]edu)
Suggestions welcome