Powered byPowered by Connecting Organizations, Building Community

Michigan Cyber Michigan Cyber RangeRange

Michigan Cyber Michigan Cyber RangeRange

Powered by

IntroductionIntroduction

2

Powered by

IntroductionIntroduction

Dr. Joe Adams Vice President of Research and

Cyber Security 26 years Army Signal Corps Associate Professor at US Military

Academy 3 time winner of the NSA’s Inter-

Service Academy CDX Senior Member IEEE

3

Powered by

AgendaAgenda

Who am I? Where is the Threat? How am I at risk? How to prepare?

4

Powered by

Attack SurfaceAttack Surface

5

Powered by

Attack SurfaceAttack Surface

6

Powered by

Attack SurfaceAttack Surface

7

Powered by

Attack SurfaceAttack Surface

8

Powered by

Attack SurfaceAttack Surface

9

Powered by

Why is this so hard?Why is this so hard?

10

Powered by

PlansPlans

11

Powered by

The Price of Doing BusinessThe Price of Doing Business

12

Powered by13

Powered by

Security TheaterSecurity Theater

14

Powered by

An Example of WhyAn Example of Why

15

Powered by

What can we do?What can we do?

16

Powered by

What has to be protected?What has to be protected?

17

Powered by

What can we monitor?What can we monitor?

18

Powered by

What is on its own?What is on its own?

19

Powered by

Make a planMake a plan

20

Powered by

PolicyPolicy

21

Powered by

Education and AwarenessEducation and Awareness

22

Powered by

The ResultThe Result

23

Powered by

But then…But then…

24

Powered by

Practice the planPractice the plan

25

Powered by

CommunicationCommunication

26

Powered by

Fight complacencyFight complacency

27

Powered by

Internal AuditsInternal Audits

28

Powered by

Build HabitsBuild Habits

29

Powered by

It only takes onceIt only takes once

30

Powered by

What we’ve talked aboutWhat we’ve talked about

31

Powered by

What we’ve talked aboutWhat we’ve talked about

32

Powered by

What we’ve talked aboutWhat we’ve talked about

33

Powered by

What we’ve talked aboutWhat we’ve talked about

34

Powered by

Skills training & maintenance

Classes Events Networking

Accessible

Persistent

Using the Cyber RangeUsing the Cyber Range

Powered by

ClassesClasses

17 Certifications Pen Testing, Incident Handling, Ethical Hacking Forensics Leadership Disaster Recovery

Classes held: At Merit or at the customer’s location Online

Cost includes: Tuition Certification Exam

http://www.merit.edu/cyberrange/courses.php

Powered by

Capture the FlagCapture the Flag

Self-Paced Threads of flags to find

Individual skills Penetration testing Forensics SCADA

Scoring engine Encourages competition

Powered by

Force on ForceForce on Force

Paintball Multiple teams; everyone for themselves Penetrate system, plant a flag, secure the system

Red vs Blue Focus on system & service

security and continuity Force on Force

Incident Response Asynchronous Red team creates havoc Blue team diagnoses and

recovers

Powered by

Welcome to AlphavilleWelcome to Alphaville

Powered by

AlphavilleAlphaville

Powered by

AlphavilleAlphaville

A persistent training environment A Network of Things More realistic than an IP range

Every exercise is a separate, customizable copy of the town and its infrastructure

Heterogeneous environment Wide variety of operating systems and services Residents of Alphaville provide “background noise” Bot nets, rootkits, and backdoors

Powered by

Flexible terms & pricing Pay for what you use

Voucher/Credit system

Using the Cyber RangeUsing the Cyber Range

Powered by

Questions?Questions?

http://www.merit.edu/cyberrange/43