For an information system, security means the ongoing ability to provide the system's service while maintaining the CIANA properties.

This lab will be broken up into two parts. In the first part, each team will secure its network. In the second part, each team will attack the other's network. Remember, though, your efforts to secure your network cannot interfere with the network services you must provide!

Do this first, i.e., NOW, right away:

Connect to your IRC Chat Server: give the command xchat& in shell, then click connect.

Network services you must provide HOWTO's
  • WWW: Your webserver must remain up and accessible to everyone: the instructor, your team, and your opponent's team. Your two webpages (index.htm and aboutus.htm) must be available and the message board capability on the home page must be functional.
  • SMTP: email service (running on your webserver host) must remain up and accessible to only your team.
  • DNS: Your nameserver must remain up and name service accessible to everyone: the instructor, your team, and your opponent's team.
  • IRC: chat services (running on your nameserver host), must remain up and accesible to the instructor, your team, and your opponent's team.
  • SMB: Your workstation must remain up and its filesharing service accessible to only your team.

  • The following user accounts (though not these specific passwords!) and access must be retained:
    Blue Team
    host username(passwd) remote access
    gw.blue.net vyatta(vyatta) ssh from within your network
    www.blue.net Administrator(*blue*92) rdesktop from within your network
    ns1.blue.net root(daboss), sysadmin(*blue*92) ssh from within your network
    wksta.blue.net Administrator(*blue*92), mike(spelunker),
    jane(garfield), bill(camperguy)
    rdesktop from within your network
    Gold Team
    host username(passwd) remote access
    gw.gold.net vyatta(vyatta) ssh from within your network
    www.gold.net Administrator(gold@@55) rdesktop from within your network
    ns1.gold.net root(daboss), sysadmin(gold@@55) ssh from within your network
    wksta.gold.net Administrator(gold@@55), kent(spelunker),
    betsy(dudley), melissa(campergirl)
    rdesktop from within your network
  • On request, you must be able to show the instructor your sensitive information: the four ASCII tokens.
    You may not change their filenames or where they are stored, but you must secure this sensitive information from your opponent!
    Blue Team Bambi: starts as plaintext located in /home/sysadmin, on ns1

    Pegasus: starts as AES ciphertext located in mike's My Documents on wksta
    (it was encrypted using as an AES key the MD5 hash of passphrase calavera)

    Snoopy: starts as RSA ciphertext posted on www.blue.net
    (it was encrypted using bill's private RSA key, which was saved as plaintext in a file in bill's My Documents on wksta)

    Honeybadger: starts as plaintext, steganographically hidden in the bluebike.bmp image visible on the www.blue.net home page
    Gold Team Pegasus: starts as plaintext located in /home/sysadmin, on ns1

    Snoopy: starts as AES ciphertext located in kent's My Documents on wksta
    (it was encrypted using as an AES key the MD5 hash of passphrase calavera)

    Bambi: starts as RSA ciphertext posted on www.blue.net
    (it was encrypted using melissa's private RSA key, which was saved as plaintext in a file in melissa's My Documents on wksta)

    Honeybadger: starts as plaintext, steganographically hidden in the goldbars.bmp image visible on the www.gold.net home page
SVG Object Unsupported