December 5th, 2003 01:47 AM
Tutorial: Wargames: Part 1
As some are aware, I'm a professor at a college. One of the courses I teach is Introduction to Internet Security. As part of that course I've implemented "wargames". Wargames are a 4 week period where students attack each other (and defend against those attacks) to get somewhat of an experience of what they might face when being an admin out there in the real world. At the end of the 4 weeks they write a report on the methodology they used for their "role". I'm a firm believer in the use of hands on experiences and application of techniques to understand the need and the how of security. Everytime I talk about the wargames people seemed interested in learning about them. I'd thought I'd write out the reasons and concepts that I considered when creating and adding these.
When I started writing this, I envisioned a single tutorial. Given the amount of material I will have to split the information into multiple tutorials (4-5) that will cover:
a) how to setup a wargame
b) Hacker/attacker role
c) Defender/admin role
One caveat: In no way should you use this in an illegal manner. Do not attack your ISP, company or others without written consent from the proper authorities/management. If you choose to attack someone without their permission you may run the risk of being charged with a felon (depedent upon the laws of your nation). I DO NOT ADVOCATE THIS, ENCOURAGE THIS NOR SUGGEST YOU DO THIS.
The purpose of wargames is to offer a safe environment with which to experiment. As we are aware, it is illegal to "hack" other systems without the owner's consent. I know that students will try things (and play with "toys"). Rather than them getting arrested, the wargames allows for exploration and understanding with minimal to no risk (as long as the rules are followed).
1) Do not erase your opponents machine
2) Ask your opponent beforehand if you can attempt to attack their machine. This rule is lifted when doing a technique of "unknown audits" against targets. Best done with many groups of "attackers" and "defenders".
3) Attacks that are outside the LAN (internal/private network) towards live public machines results in an F (obviously if this isn't an educational setting, it should result in i) banishment from further wargames ii) potential to be arrested).
Wargames: Machine(s) requirements
The machines should be in good working condition. Hard drives should be easily erased and rebuilt. Attackers can use multiboot systems while defenders use single-OS systems (or remain in a single OS). Combinations of attacker vs defender could be:
- Windows vs. Windows
- Linux vs. Windows
- Windows vs. Linux
- Unix vs. Linux
Planning is key to a successful wargame. At a school it's easy to have machines coordinated in a single lab. For home users there are a few options:
a) acquire some older machines and use those for the wargames. Plan in advance what OS is going to be the target/victim "de jour" and install it. Configure it loosely to begin with but learn how to lock down what will need to be locked down. Select one person who can host the "Wargames Party". Ensure that everyone that is involved signs an agreement that covers the rules and strictly enforce it with a firewall that limits activities. If you want to go further, ensure that people come prepared and allow no internet access. Agree to default services that will run on the defender's box. I usually pick common ones on the Internet like DNS, FTP, HTTP, etc.
b) attackers need to research all the potential vulnerabilities and acquire the necessary "toys" to exploit those vulnerabilities. Google is a powerful friend. Other sites include (but not limited to): Packetstorm Security, Security Focus, SecuriTeam, NetSys.com, astalavista, Zone-h.org, etc. Utilities like nmap, nessus, SAINT/SARA/SATAN, hping2, etc. should also be on hand. Don't forget things like DoS and DDoS, sniffers, hijack tools and more. One thing might be to take a distro like knoppix and customize it with the tools you want to use regularly.
c) defenders need to learn their OS and the services/daemons they will be running. Research is key for vulnerabilities, patches, fixes, secure installations, etc. Defenders should not have long term blocks on attackers ip addresses (does take away the fun of it sometimes). Defenders should come with machines perpared and if need be, CDs with latest upgrades, patches, etc. if internet access is lacking.
d) network setup should be agreed upon beforehand. Most "Bang for buck" scenario is a straight network configuration with a hub. You can go fancier if you want to test setups with firewalls, IDs and honeypots.
Everyone should have a log book to record everything they did before and during the wargames. It should also list where they went to get whatever information. Details are important here so leave nothing out. If the wargames get hot and heavy, use history files, logs, human memory and, if possible, audio recordings to put the pieces together.
The last tutorial will talk about report writing. The value of a wargame is lost when people are unable to learn from the experience. The ability to explain what you did, how you did it, why you did it and what to do to prevent bad things from happening is powerful. For my students, success in the wargames isn't determined by compromising the system but by seeing the methodology they used to attempt to compromise a system. In the real world an attacker has months sometimes to prepare an attack. In this case, you have but a few hours.
Attacker: sometimes referred to as "black hat hacker", "bad guy", "evil dude", this is the person that attempts to compromise a machine. They will use whatever is available to them including social engineering. Generally, what they do is illegal.
Defender: sometimes referred to as "good guy", "administrator", this is the person that attempts to thwart attacks and mitigate their effect. Often overworked, underpaid, under appreicated and lacking sleep, tries to be alert to any new tricks that are thrown at him/her.
Auditor: sometimes referred to as "white hat hacker", this person is legally allowed to break into systems. Their job is to find the vulnerabilities and suggest better courses of actions for situations. Attacks can be done against procedures, OSes, applications, network devices, methodologies, etc. Audits may be known to the defender and may be done without the defender's knowledge (but with CEO approval).
Hacking: IMHO, hacking is the expert understanding of a particular system. What that system is varies from situation to situation. A hacker is the expert on that particular system. e.g., Wayne Gretzky is (was?) the hacker of the NHL when it came to scoring. A hacker is someone who understands that system to that kind of level.
System: a logical interaction of objects and subjects. This could be the way an organization works, how a computer works, how a protocol works, how a phone works, how a department works, how humans interact. See hacking.
Script Kiddie: an individual that desires to be a "hacker" but doesn't want to take the time nor is interested in the necessary finite understanding of the system. Often refuses to do research on their own and refuses to record activities for future learning.
Social engineering: the ability to convince an individual to respond how you want them to respond and give forth information that normally wouldn't be given out. This is often done through the use of empathy, annoyance and other feelings. Relies on the "mark" being busy or wanting to help.
December 5th, 2003 02:04 AM
Wow! Great tutorial! I can't wait for the rest.
I'd love to have you as a professor.
Is it possible for US students to attend your classes? Obviously... I'd have to come up there...
Do you do seminars? I can get work to send me to those...
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
December 5th, 2003 02:09 AM
Me either. That sounds like fun. I don't think I'd be very good at it though. I guess the more you experience the more you learn and the better you become. Great tutorial!!
Originally posted here by phishphreek80
Wow! Great tutorial! I can't wait for the rest.
December 5th, 2003 02:10 AM
Nice tutorial mittens...You made alot of good key points here..I think it would be cool to be one of your students.. Good day
"Serenity is not the absence of conflict, but the ability to cope with it."
December 5th, 2003 02:20 AM
War Gaming as a classroom exercise?? Sounds like a blast. It's the experience I've always wanted to gain in class, but the schools have been to damn wimpy...well, here in the US at least. Guess I'm on my own to set up a closed network to break into and defend.
Excellent post, Ms. Mittens, I'm looking forward to the rest.
December 5th, 2003 02:28 AM
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
December 5th, 2003 03:02 AM
I've said this many times during my presence in the US...This country is too "childproof" and the bad guys always know more than the good guys because the good guys are always undertaught and whoever is teaching is affraid what the student could do with the knowledge. What mittens is teaching is what i'm craving for. I'm being fed with a TON of BS in my computer engineering major. Can hardly wait to see the other tutorials mittens. Thank you so much for the information. I'd give you some APs but I doubt they'd do you any good
December 5th, 2003 03:43 AM
Awesome. Cannot wait for the rest. Until then, I'm going to go exploit some power supplys. (...unplugging.....uhhh that joke sucked.....)
December 5th, 2003 04:55 AM
Great tute MsMittens. I do look forward to the rest of the series.
Also, I have some good logs of previous wargames I've been in. I always keep very, very detailed logging of my actions, as I agree with MsMittens that it is important to do so.
MsMittens: Do you mind PMing me what school you teach at? I'm going to be going to college this coming year, and was wondering if you taught at one of the schools I might be applying.
December 5th, 2003 05:19 AM
You are way better than my computer science teacher. Hes so paranoid about everything. He wont even let us access the internet to play games or whatever. To pass our time we have to play solitaire and after a while it gets old fast. Even playing solitaire is kinda pushing it to him. He gets mad at us for using the command line to compile a java program.
Cant wait for the rest.