|
|
|
|
|
Characteristics/Benefits
|
|
Best way to go
if available.
|
|
Uses real
networks, real software,real exploits
|
|
Harmless
|
|
|
|
1st
Service Academy Competition last April, includes awarding of trophy. Judged
by expert team at NSA. Quote from Col/Dr Don Welsh, USMA “The highest
learning I have ever seen as an educator took place in this one week
exercise.”
|
|
|
|
SANS ID’net
here in DC Rules of Engagement
|
|
|
|
Activity Points
|
|
Port Scan 1
|
|
Script
Kiddie 5
|
|
Recent
Exploits 10
|
|
Old
Exploits 20
|
|
New Exploit 50
|
|
|
|
No denial of
service or DDOS attacks; Can defend: must allow basic services:
web/mail/ftp/DNS; After attack is successful, cannot be repeated
|
|
|
|
Drawbacks
|
|
Big $ to set up
– hardware, software, labor
|
|
Reset after
exercise may even include complete reload of OS, databases, etc
|
|
Good primarily
for only System Administrator level training, some managerial level awareness
|
|
|