Sunday, March 17, 2013

ISGC 2013 Security Workshop

Today is the first day of ISGC 2013. Many dedicated individuals have arrived two days before the welcome ceremony to attend a series of targeted workshops. The first day brings dCache and Security.

In the Security workshop, Lief Nixon puts on his black hat to play the role of a malicious hacker. Participants split into teams of three - and made responsible for running a series of servers in a mystical Star Trek universe - to defend against a range of attacks. From valid user accounts running remote login servers to poorly coded website scripts being exploited to undermine password security, the attacks came hard and fast.

Like all good computer games, the attacks were arranged in a series of levels, and there were secret 'flags' to collect for extra points. However, it was very much grounded in reality - once an exploit was successfully eradicated a detailed incident report had to be submitted. In addition, while the attacks were ongoing, a legitimate user load was simulated.

Normally, an attack would come in, some time would be spent to find out exactly what it was, and how it occurred, then working to eradicate it from the system. However, toward the end, some teams had started proactively locking down their systems - frustrating the organisers. The image below shows the reaction when a backdoor login process was blocked by a firewall.

"SIGINT has captured large amounts of Klingon swearing about firewalls on Tellar"

The session finished with a discussion, which was widely positive, and left the attendees asking for more and expressing their enjoyment - well worth coming in those couple of days early.

In Taipei, the supply of delicious food is secure. Another reason to come in early.

No comments: