Skip Links

Internet security . . . writ very small

Miniature version of the 'Net used to assess security schemes.

By , Network World
June 06, 2005 12:08 AM ET

Network World -

Like a ship in a bottle, the Internet-Simulation Event and Attack Generation Environment is a miniature version of the real thing: It's the vast Internet shrunk to fit onto a high-speed LAN on the floor of a building in a research park adjacent to the Iowa State University campus in Ames.

Iseage (pronounced "ice age") lets you model an attack on your network without having to put your real one on the line.

"It's a test bed for information warfare," says Iowa State University Professor of Computing Doug Jacobson, who heads up the project, which is funded primarily by the Department of Justice. "We'll look at attack tools and defense mechanisms. Our goal is to have this as a point where organizations can test security paradigms."

The school last year snagged a half-million dollar grant from the Justice Department, with another $700,000 promised for this summer, to build the miniature Internet. Agriculture and construction equipment manufacturer John Deere also kicked in $30,000. Iseage, basically a collection of PCs, servers and switches using custom-designed software to simulate routers and network nodes, was ready for its first game of Beat the Hacker last month (see diagram).

Wider Net archive
Our collection of stories that go beyond the speeds and feeds of the network and IT industries.

Iowa State's Cyber Defense Competition pitted teams of university students, who defended Web sites, mainly of their own design, against security professionals playing the part of attacker.

"My role was to break in and crash their servers," says Adam Kaufman, information security analyst for the state of Iowa in Des Moines. "It gave them a taste of what an attack is like."

The Web sites being defended ran on Windows, Unix and open source operating systems. Some of the students who protected the sites used the Snort intrusion-detection system, and assorted firewalls. Competition organizers supplied content for the Web sites.

The competition, which lasted for 20 consecutive hours, began by having Red Team attackers use scanning tools, such as nMap freeware, to find out each student team's software configurations and determine where weaknesses might lie.

"I also used the Web Inspect scanner to find a vulnerability in a PHP page, for instance," Kaufman says. "One team had a server that allowed us to run commands on it. Or we could upload files."

The scoring for the competition proceeded - as in golf - by adding up points for mistakes, making the lowest score the winner.

"The winning team recognized the attack before the other ones," Kaufman says. "You had to send e-mail to the judges to let them know you saw what was happening. Some teams didn't even recognize we had broken into their server."

"We were supposed to configure the Web server to be secure, but mistakes allowed them to run Linux commands on our server," says Iowa State student Sean Howard, who was part of the winning team.

"They managed to get in and send a few e-mails," says Howard, who last month graduated with a bachelor's degree in computer engineering and intends to study information assurance on a graduate level. Overall, the battle on Iseage provided many lessons about how it would feel to have to defend a corporate network, he says.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News