Canned Attack/Defend
CyberProtect
•Defensive Role in four period simulation
•Apply Resource Units to 9 different InfoSec budget items, e.g. AntiVirus, Firewall, Access Controls, etc
•Experience 9 Types of Attacks DDOS, Sniffers, etc
•Decision Tree type approach
Next area is Canned Attack Defend
Characteristics
Canned rules,
Limited (but often numerous) scenarios, fixed decision tree execution paths
Often some random elements
High up front building costs – multimedia package like Visual Basic, Macromedia Authorware: Rule of thumb (conservative) – 300 man hours for each hour of output

“I liked cyber protect because”:
- It felt real, programs got stale and needed updating. It exploited where I was weak
- Overall, this is an excellent product and one which I will take home to my network professionals and insist they give me a certificate.
- I found the CyberProtect exercise to be very instructional.  It did take me a while to get through the exercise but I was finally successful.  It was a good exercise and very informative.
- I found CyberProtect to be an excellent tool to test the knowledge of someone charged to protect an agency's infrastructure.  This is a tool that I will take back and provide to my team, and others within the department.
- When using the tool, one would quickly found out that if you did not at least cover your bases you were exposed and open to attacks.  This did not mean you had to purchase the high-end tools, but strategically placing low end items were the network could handle it, and balancing between the middle to high ranges.  Upgrades could be applied if funds were available later on.
- Overall, hands-on allows the students to understand the process.  There were issues that were raised that provoked questions.....the whole purpose of the exercise.”