Cyber Defence Exercise Locked Shields After Action Report
|
|
- Ami Johnson
- 8 years ago
- Views:
Transcription
1 Cyber Defence Exercise Lcked Shields 2013 After Actin Reprt Tallinn 2013
2 1 Executive Summary This reprt describes the technical cyber defence exercise (CDX) named Lcked Shields 2013 (LS13). The intended target audience f the dcument cnsists f: the Blue Teams f LS13, t give them a detailed verview f the events and prvide feedback; parties wh cnduct similar exercises, t share ur experiences with the cmmunity; and the rganisers f the Lcked Shields, t identify lessns n hw t imprve future exercises. LS13 was a technical CDX executed n April Ten Blue Teams, cnsisting f up t 10 experts in IT and 1-2 legal advisrs, were the main training audience. They were acting as rapid reactin teams wh had t defend virtual netwrks against the Red Team's attacks, accmplish rders given by headquarters, fllw the lcal news and respnd t media inquiries, and analyse the legal aspects f their missin. The main bjective f LS13 was t test the skills f the Blue Team members, educate the legal experts n IT and pressure the lawyers with cmplex legal tasks. The scenari engaged the Blue Teams in a missin under UN mandate in a fictinal cuntry called Blea where the cnflict between the nrthern and suthern tribes had escalated t a level where the lcal gvernment was frced t request help frm the internatinal cmmunity. In additin t traditinal hstilities, cyber attacks began in April 2013 against the IT systems f lcal Aid rganisatins. Ten Blue Teams were requested t be deplyed in rder t prtect unclassified military netwrks and Aid rganisatins' netwrks. The Blue Teams were well prepared and were mre successful in preventing, detecting and mitigating the attacks than thse in previus Lcked Shields exercises. In the cntext f LS13, the fllwing areas were mst challenging fr the Blue Teams: Defending web applicatins. Detecting custm malicius cde. Mitigating BGP hijacking attacks. Initiating efficient infrmatin sharing. A Red Team cmpsed f ad-hc vlunteers is n lnger sufficient t prvide realistic challenges fr the Blue Teams. Mre permanent, better prepared and better c-perating teams are needed. Better tls are required t prvide feedback t the Blue Teams n the ffensive campaign. The technical platfrm fr LS13 was stable and perfrmed well. Building a Gamenet which includes mdern technlgies (e.g. mbile devices) and scenari specific cmpnents (e.g. military C&C systems) t reflect mre clsely the cmplexity f real wrld netwrks remains a challenge. LS13 was rganised in cperatin with the NATO Cperative Cyber Defence Centre f Excellence, the Estnian Infrmatin Systems Authrity, Estnian Defence Frces, the Estnian Cyber Defence League, Finnish Defence Frces and many ther partners.
3 2 Cntents 1 Executive Summary Cntents Overview f Lcked Shields Cncept Timeline Training Objectives Descriptin f the Teams Blue Teams and Legal Advisrs White Team Red Team Green Team Yellw Team Participants Scenari Scenari in a Nutshell General Backgrund Recent Develpments Technical Envirnment Cre Infrastructure Gamenet Scring Red Team Campaign Overview Red Team Objectives Tlset Client-Side Team Phase I Phase II Phase III Phase IV Custm Pre-Planted Cde... 21
4 4.5 WEB Team Phase I Phase II Phase III Phase IV Netwrk and Mixed Team Phase I Phase II Phase III Phase IV Pst-Explitatin Balance f the Attacks Cnclusins Blue Team Defence Campaign Intrductin Preparatins Cmmn Practices Blcking Access and RBL Less Cmmn Practices Questinable r Frbidden Practices Security Sftware n Windws Systems Infrmatin Sharing Scres Injects Scenari Injects Media Injects Legal Injects Legal Play Intrductin Injects Team Setup Feedback n Executin Results Recmmendatins t the Blue Teams
5 8.1 Prtecting Web Applicatins Prtecting ther Parts f the Infrastructure Reprting and Infrmatin Sharing Intrductin Yellw Team Feedback fr the Blue Teams Cnclusins Media Respnse Observatins and Recmmendatins t Imprve Lcked Shields Exercise Organisatin Scenari Teams White Team Red Team Green Team Legal Team Yellw Team Cmmunicatin Infrmatin Sharing and Cllabratin Situatinal Awareness Scring Technical Envirnment Cre Infrastructure Cllabratin, SA and Scring Platfrm Gamenet Rules Administrative Issues Acknwledgements Acrnyms
6 3 Overview f Lcked Shields 3.1 Cncept The key characteristics f LS13 were as fllws: It was a live, technical, Blue/Red Team exercise: Blue Teams had t defend netwrks against real-time attacks. It was internatinal: 18 rganisatins frm 15 natins were engaged int preparing and executing LS13. The type f the exercise was a game: the teams did nt represent the real rganisatins they are wrking fr during their daily jbs but were placed int fictinal rles. A lab envirnment was used instead f prductin netwrks. Over the curse f tw days the Blue Teams had t defend a pre-built netwrk cnsisting f rughly 35 virtual machines against the Red Team's attacks. The infrastructure was initially insecure and full f vulnerabilities. T prvide feedback t the teams and measure the success f different strategies and tactics, Blue Teams were assigned autmatic and manual scres. Each Blue Team was accmpanied by 1 r 2 legal advisrs t encurage and facilitate cperatin, cmmunicatin and understanding between the technical and legal experts. Red Team members were nt cmpeting with each ther. Their bjective was t cnduct equally balanced attacks n all the Blue Teams netwrks. LS13 was rganised by NATO CCD COE in cperatin with Estnian Defence Frces, the Estnian Infrmatin Systems' Authrity, the Estnian Cyber Defence League, Finnish Defence Frces, and many ther partners. 3.2 Timeline The timeline and main events list fr LS13 can be fund in the fllwing table. Date Event 22 Nv 2012 Initial Planning Cnference (IPC) 8-9 Jan 2013 Main Planning Cnference (MPC) 15 Mar 2013 Test Run 26 Mar 2013 Final Planning Cnference (FPC) 04 Apr :00Z (15:00 EEST) Webinar I: General Infrmatin. Strategies and tactics - lk int CDX 11 Apr :00Z (15:00 Webinar II: General Infrmatin. Reprting. Legal play EEST) Apr 2013 Preparatin Days: access fr Blue Teams t Gamenet 18 Apr :00Z (15:00 Webinar III: General Infrmatin. Scring. VSRm EEST) Apr 2013 Executin and Ht Wash-Up
7 5 Jul 2013 After Actin Reprt Review 3.3 Training Objectives The bjective was t test the skills f Blue Teams in the fllwing areas: 1. Learning the netwrk. Blue Teams were respnsible fr securing and maintaining systems previusly unknwn t them. They had t cmpile lists f assets and vulnerabilities, assign pririties t the assets, etc. 2. System administratin and preventin f attacks. Administrative tasks and hardening cnfiguratins were cntinuus activities. Day 0 vulnerabilities were simulated by nt allwing the teams t patch certain systems. 3. Mnitring netwrks, detecting and respnding t attacks. Gd mnitring skill was the key capability required t defeat the Red Team. 4. Handling cyber incidents. Priritisatin, reactin-time, and clarity f shared infrmatin were cnsidered when measuring this aspect. 5. Teamwrk: delegatin, dividing and assigning rles, leadership. The teams were verladed with tasks s that better rganised and managed teams wuld be mre successful. 6. Natinal and internatinal cperatin. Infrmatin sharing. 7. Reprting. Blue Teams were tasked t set up redundant links between their ruting infrastructures t fster cperatin between them. Cperative teams sharing valuable infrmatin were assigned bnus pints. Teams refusing t cperate were assigned a negative scre. Blue Teams were expected t cntinuusly prvide lightweight reprts t the White Team. The main aspects measuring their success were timeliness, crrectness, accuracy and clarity. 8. Ability t cnvey the big picture. Blue Teams were expected t cmpile management reprts and respnd t media requests. 9. Crisis cmmunicatin. The Media Simulatin Cell evaluated the speed, accuracy, lgic and reactin f Blue Teams' spkespeple when respnding t media requests. The legal play was set up s that there was at least ne legal advisr in each Blue Team. The training bjectives fr them were as fllws: 1. T have the legal advisrs analyse the cmplex legal issues arising in the cntext f an armed cnflict. 2. T facilitate cmmunicatin between the legal and technical experts. 3. T educate the legal experts abut IT. 4. T an extent, t educate the technical experts abut the law. 7
8 3.4 Descriptin f the Teams In this sectin we describe briefly the teams invlved in the LS exercises. Mre details can be fund at Annex I: Detailed Descriptin f the Teams Blue Teams and Legal Advisrs Blue Teams (BT) and the legal advisrs engaged with them are the main training audience f LS exercises. In LS13, Blue Teams represented military rapid reactin teams whse main task was t secure and prtect a pre-built infrastructure against the Red Team's attacks. There were tw main netwrk segments: an unclassified netwrk fr military units, and the netwrks running services fr Aid rganisatins deplyed in the cnflict area. Blue Teams were als expected t: a. cntinuusly send reprts t Headquarters t keep management infrmed abut incidents and ther events; b. respnd t media queries; c. accmplish additinal tasks sent frm the HQ. Legal advisrs had t brief ther members f the Blue Team abut their legal status, applicable law, rights and bligatins; and answer different questins n legal aspects raised by the HQ. There were als ut-f-the-game technical quizzes which the legal advisrs were suppsed t answer White Team The White Team (WT) had respnsibility fr preparing the exercise and cntrlling it during Executin. They defined the training bjectives, scenari, and high-level bjectives fr the Red Team, 8
9 wrte the rules, prepared media, scenari and legal injects and the cmmunicatin plan. During Executin, the White Team acted as the exercise cntrller's cell by deciding when t start different phases, cntrlling the executin f the Red Team's campaign, and making scring decisins. Management (HQ), user and media simulatin were als part f White Team's business. There was ne persn per Blue Team wh acted as a liaisn fficer Red Team The Red Team s (RT) missin was t cmprmise r degrade the perfrmance f the Blue Team systems. They had altgether 20 pre-defined bjectives. They were allwed t repeat sme bjectives during the next phases. The fcus f Lcked Shields exercises is t train the Blue Teams; therefre, Red Team members are mainly cnsidered as the wrk-frce t challenge the Blue Teams. In principle, the Red Team uses a white-bx apprach; technical details f the initial cnfiguratin f the Blue Team systems were available fr the Red Team befrehand Green Team The Green Team (GT) was respnsible fr preparing the technical infrastructure. GT had t carry ut the fllwing tasks: Design, set up and cnfigure the cre infrastructure: physical devices, virtualisatin platfrm, strage, netwrking, remte access, traffic recrding, VPN ruters fr the Blue Teams, user accunts, etc. Design and build the Gamenet and Blue Team netwrks. Prgram the autmatic scring bt and agents. Develp slutins fr traffic generatin. Set up slutins fr mnitring the general exercise infrastructure Yellw Team The Yellw Team's (YT) rle was t prvide situatinal awareness abut the game, mainly t the White Team but als t all ther participants. The main surces f data fr the Yellw Team were lightweight reprts prvided by the Blue Teams, reprts n the status f attack campaigns received frm Red Team members, and the results f autmatic and manual scring. The Yellw Team analyst had interfaces t review all the reprts and assign them tags based n the cntent f the reprt. Regular highlight updates were prvided t White Team leader and t the Blue Teams. Yellw Team als prepared different views and visualisatins f the situatin. 3.5 Participants Blue Teams frm the fllwing natins/rganisatins participated in LS13: DEU, ESP, EST, FIN, ITA, LTU, NATO NCIRC, NLD, POL, SVK. The White Team, Red Team, Green Team and Yellw Team were staffed with peple frm the NATO CCD COE, Estnian Defence Frces, the Estnian Infrmatin System's Authrity, the Estnian Cyber 9
10 Defence League, Finnish Defence Frces, the Swedish Natinal Defence Cllege, the NATO Cmputer Incident Respnse Capability-Technical Centre, the French Ministry f Defence, the Plish Ministry f Natinal Defence, CERT-LV, Lughbrugh University, Clarified Security, Clarified Netwrks, and ByteLife. 3.6 Scenari This sectin describes the backgrund scenari used fr LS Scenari in a Nutshell Lcatin: Blea, a failing state n an island ff the cast f Western Africa (think Smalia as an island). Cnflict: suthern tribes want t eliminate the nrthern tribes, gvernment unable t stp the fighting (think Rwanda). A UN-authrised internatinal calitin is in the cuntry with the cnsent f the Blean gvernment t stp ethnic cleansing and restre peace (think ISAF). The spring ffensive has fixed the calitin military frces in the suth. A chlera epidemic has started amng the nrthern tribes (think Haiti). Internatinal Aid rganisatins have few resurces in-cuntry, but are mbilising t deal with the epidemic. Aid rganisatins reprt cyber attacks against their systems in-cuntry and ask fr calitin assistance until crisis respnse teams fly in (ETA 2 days). BLUE: calitin military IT teams tasked t prvide and secure bth calitin unclassified systems and Aid rganisatins systems in-cuntry until Aid crisis respnse teams arrive. RED: lcal extremists (expected skill level lw t medium); pssible interventin frm internatinal terrrist rganisatin (expected skill level medium t high). Attacker's main gal is t impede the humanitarian relief peratin in the nrth and t bleed calitin resurces General Backgrund There is an internatinal calitin peratin in Blea, an island republic lcated ff the western cast f Africa, rughly 800 km nrth-west-west f Tenerife. While the size f the island is cmparable t Ireland, the climate and landscape are mre akin t Mrcc. The cuntry is pr and the lcal infrastructure is primitive, especially in terms f sanitatin, cmmunicatins, medical services and educatin. Internet cnnectivity with the rest f the wrld, fr example, is unreliable and lw-bandwidth. Cnnectivity within the cuntry is limited t urban centres, which make use f numerus free (and annymus) wireless netwrks. The cuntry has n CERT r IT-savvy law enfrcement. This frces mst internatinal actrs t rely either n expensive satellite cnnectivity r n lcally perated systems. Fr decades the Blean gvernment has been challenged fr pwer by a racist extremist mvement called Blea Is Tarnished (BIT). In 2011 BIT prceeded with a ruthless ethnic cleansing campaign against the tribes inhabiting the nrthern half f the island. In 2012 the internatinal cmmunity intervened with a UN-authrised peratin t stp the atrcities. While initially successful in securing nrthern areas, the calitin is still encuntering heavy resistance in the suth. Althugh there is n distinct frnt line, there are daily fire-fights, IED (imprvised explsive device) encunters, 10
11 suicide bmbings, kidnappings, etc. Mst f the vilence is targeted against internatinal humanitarian grups and civilians f the nrthern tribe. While generally a lcal affair, there are rumurs f weapns shipments and training prvided by an internatinal terrrist rganisatin. Accrding t intelligence analysts, this grup is interested in bleeding the resurces f the cmmitted states as part f a lng-term campaign t weaken EU and NATO. Such supprt enables the BIT t penly challenge the military might f the calitin, ften making use f unexpectedly cmplex tactics and technlgies Recent Develpments It is nw 24 April. One week ag the BIT started their spring ffensive. S far, they have managed t capture sme twns and villages in the suthern part f the cuntry. Calitin frces mved t take back the lst grund, but encuntered heavy resistance and are nw fully engaged in the suth. Three days ag, a chlera epidemic started spreading amng the civilian ppulatin in the nrth. The surce f the epidemic is prbably the water supply system. Sme BIT members were captured trying t pisn wells, s it may be smehw related t the spring ffensive. Due t pr hygiene and inadequate medical infrastructure in the cuntry, the epidemic is expected t spread if left unchecked. The gvernment immediately asked the internatinal cmmunity fr humanitarian assistance. UN and aid rganisatins that already perate in the cuntry reprt that their initial respnse capability is severely limited. Crisis respnse teams have been mbilised and are expected t arrive within a cuple f days. Calitin frces are still engaged and cannt spare significant manpwer t assist with the relief peratin. Aid rganisatins reprt that their lcal IT systems are under cyber attack. This makes it very hard t crdinate the relief effrt. Their systems are nt built with security in mind and they have n cyber security experts in-cuntry. The Aid rganisatins ask the calitin t prvide 10 IT supprt teams (cde name: Blue) wh culd assist in keeping the systems running at 10 different sites fr 2-3 days until crisis respnse teams frm the Aid rganisatins arrive. The calitin leadership agrees. Hwever, the Blue Teams must still maintain their wn systems, which prvide unclassified services (cmmunicating with the lcal gvernment and Aid rganisatins, as well as prviding welfare services) t calitin units. This means they have t perate systems in tw different sites with tw different plicies. This mrning the Blue teams deply t assist the Aid rganisatins. 3.7 Technical Envirnment Cre Infrastructure Designing and implementing an envirnment fr a technical cyber battlefield is nt a trivial task. The exercise lasts nly few days but during that perid the lads are high (mre than 400 virtual machines running simultaneusly) and Red Team is actually expected t break the systems. 11
12 LS13 infrastructure was hsted by the Estnian Defence Frces. All cmpnents f the Gamenet were virtualised. Participants gt access t the envirnment ver the VPN. This time a cmmercial slutin was chsen fr f several reasns. The main cmpnents were Cisc UCS platfrms and blade servers, EMC strage devices and VMware vsphere 5.0 virtualisatin platfrm. A detailed descriptin f the cre infrastructure is prvided in Annex II: Cre Infrastructure Gamenet Each Blue Team had t defend an identical netwrk cnsisting f 34 virtual machines (VMs): Cisc VSR 1000v virtual ruter. Endian Linux firewalls. Windws and Linux wrkstatins. Dmain cntrllers, file servers. DNS and mail servers. Linux and Windws servers fr hsting web applicatins and database servers. In additin, Blue Teams culd build 2 VMs themselves and integrate them int their netwrks. A detailed descriptin f the Gamenet and Blue Team systems can be fund at: Annex III: Gamenet. 3.8 Scring T measure the perfrmance f the Blue Teams and give them feedback, 8 categries fr the scres were defined: 1. Availability f prvided services Blue Teams had a list f required services which were cnstantly checked by the scring bt. Fr each service, a weight was defined which crrespnded t the scre ne culd get fr 100% availability f that service. 2. SLA bnus If the uptime f a service was within 90% (daily scre/8h), bnus pints were assigned fr that specific service. 3. Successful Red Team attack Every time the Red Team successfully accmplished an bjective, a pre-defined negative scre was assigned. Repeating the bjective gave half the negative pints the secnd time. 4. Lightweight incident reprting This was dne nce per hur. 5. Situatin reprts (SITREPs) t management Blue Teams had t cmpile 2 SITREPs per day, each f them were scred separately. 6. Respnding t injects (scenari, media, legal) All injects were separately scred based n pre-defined criteria. 7. VM reverts Each VM revert cst -100 pints. 8. Special scring 12
13 Bnus pints were awarded t Blue Teams fr utstanding perfrmance e.g. fr cperatin and inf sharing. Psitive pints were awarded t balance Green Team mistakes. Penalties were impsed fr breaking the in-game rules. Fr instance, remving functinality f services after a warning. If the warning was ineffective, the VM was reverted. The detailed scring table is nt published t avid Blue Teams pre-calculating winning strategies and fcusing n hw t defeat the scring system. The fllwing chart is an apprximatin f the weight f each categry. Nte that sme categries such as special scring d nt have an upper limit. 13
14 4 Red Team Campaign 4.1 Overview The ffensive peratin was divided int 4 phases. The timeframe fr each phase was pre-planned, but White Team had the final right t decide when t mve n with the campaign. Altgether 20 specific bjectives were defined. Red Team culd repeat the bjectives frm previus phases but the amunt f negative pints awarded t the Blue Teams decreased by half with every successful repetitin. After the STARTEX was annunced and Gamenet pened there was a 30-minute time windw when the Red Team was nt allwed t cmprmise any systems. Generating nise and scanning activities were permitted. At least ne Blue Team felt that this time windw was nt respected by all Red Team members, and that explitatin activities had in fact started earlier. 4.2 Red Team Objectives The Red Team bjectives are prvided in the fllwing table: nr descriptin zne intended target phase subteam 1 Deface with BIT message and pint t malware fr distractin. Media Team prpsal fr first rund: img1.jpg Media Team prpsal fr secnd rund: img2.jpg Aid_DMZ cunting.aidx.ex 1 WEB 2 Delete cntent, destry the hst as much pssible t keep BT busy in Aid_DMZ. I wuld nly steal at this phase and destry in next. Successful cmprmise can be prved by prviding the hash frm /etc/hash Aid_DMZ chat.aidx.ex 1 WEB 3 Change bank accunt numbers fr dnatins. File where the bank accunt details are written is /var/www/app/templates/dnate.t pl Aid_DMZ 1 WEB 4 Cmprmise and steal vlunteer database: database www and table vlunteers. It culd be stlen directly frm Aid_DMZ db.aidx.ex 1 WEB 14
15 nr descriptin zne intended target phase subteam db.aidx.ex r thrugh by gaining access t On the cde field each vlunteer has the same hash which has t be reprted t prve success. 5 Gain fthld in AID_INT. Steal C:\Users\Public\Dcuments\Rep rt1_aid.txt fr evidence. Prvide the MD5 hash inserted in the end f the file as a prf. AID_INT ws2.int.aidx.ex ws4.int.aidx.ex (ptinal) 1 CS 6 Spread inside AID_INT t ther hsts and set beacns. AID_INT dc.int.aidx.ex (ptinal) ws*.int.aidx.ex 1 CS 7 Cmprmise AID_INT fileserver. Steal Reprt5_aid.txt frm C:\Dcuments and Settings\All Users\Dcuments fr evidence. Prvide the MD5 hash inserted in the end f the file as a prf. AID_INT files.int.aidx.ex 1 CS 8 Insert malicius cde t MIL public website in rder t initiate water-hle attack and infect MIL_INT and MIL_WEL wrkstatins. MIL_DMZ 2 WEB 9 10 Cmprmise mail server in MIL_DMZ and steal specific s. Cmprmise mail server in Aid_DMZ and steal specific s. MIL_DMZ mail.milx.ex 2 WEB Aid_DMZ mail.aidx.ex 2 WEB 11 Gain fthld in MIL_INT, stay lw, set up beacn. MIL_INT ws2.int.milx.ex ws4.int.milx.ex (ptinal) ws5.int.milx.ex (ptinal) 2 CS 12 Cmprmise ne r mre wrkstatins n MIL_WEL. MIL_WEL ws1.wel.milx.ex (ptinal) 2 CS 15
16 nr descriptin zne intended target phase subteam Steal the reprt frm C:\Users\Public\Dcuments\Rep rt1_mil.txt. Prvide the MD5 hash inserted in the end f the file as a prf. ws2.wel.milx.ex 13 Insert fake rders in Aid persnnel tasking system leading them t ambush. Aid_DMZ help.aidx.ex 3 WEB 14 Gain and maintain access t the DNS servers. Steal hash frm /etc/hash as a prf. Aid_DMZ dns.aidx.ex 3 WEB 15 Re-gain fthld in MIL_INT thrugh any hst. MIL_INT ws2.int.milx.ex ws4.int.milx.ex (ptinal) 3 CS 16 Spread inside MIL_INT, set beacns. MIL_INT dc.int.milx.ex (ptinal) ws*.int.milx.ex 3 CS 17 Cmprmise MIL_INT fileserver. Steal reprt Reprt5_mil.txt frm C:\Dcuments and Settings\All Users\Dcument. Prvide the MD5 hash inserted in the end f the file as a prf. MIL_INT files.int.milx.ex 3 CS 18 Gain access, steal the hash frm /etc/hash as prf, maintain access. MIL_DMZ dns.milx.ex 3 WEB 19 Replace the vide feed n TV twer (via MIL_INT, MIL_WEL r directly). By default the fllwing file is streamed and therefre shuld be replaced: /var/www/stream/1.mp4 MIL_DMZ tv.milx.ex 4 CS 20 Cnduct ruting attack against MIL_DMZ. MIL_DMZ csr.milx.ex 4 NET 16
17 4.3 Tlset Fr LS exercises, Red Team members were allwed t bring in whatever tls they liked, prvided that the licensing cnditins were fllwed. Frm the cllabratin perspective it was imprtant that the tlset was at least t sme extent standardised. The fllwing lists main distributins and the mst imprtant sftware that was used t cnduct the attacks: Kali and BackTrack5 Linux. Cbalt Strike. Raphael Mudge, the develper f the sftware, spnsred the event and prvided LS13 Red Team an ptin t test it ut during the Executin. Metasplit Framewrk (free pen-surce versin f Metasplit). 4.4 Client-Side Team Client-Side (CS) Team was mainly respnsible fr attacking Windws and Linux wrkstatins using client-side explits and, after gaining fthld, trying t cmprmise the file servers and dmain cntrllers lcated in internal segments Phase I Objectives The general bjective fr the first phase was t fcus n targeting the Aid rganisatins internal zne (AID_INT). CS team was expected t fulfil the fllwing tasks: O5: Gain fthld in the AID_INT segment (wrkstatins). O6: Spread inside AID_INT t ther hsts and set beacns (dc.int.aidx.ex, ws*.int.aidx.ex). O7: Cmprmise a file server in AID_INT (files.int.aidx.ex) Targets The internal netwrks in bth MIL side and Aid side had 2 Windws XP VMs, 2 Windws 7 VMs and 1 Ubuntu Linux VM. Obviusly, this means the netwrks were extremely small cmpared t real-wrld situatins where large rganisatins have thusands f cmputers in a dmain. As the legitimate traffic generatin system typically did nt wrk, it made defence easier. Green Team tried t keep the perating systems up t date and remve nly specific patches. Same lcal administratr accunts were created n all Windws machines (ne vectr t enable Pass-the-Hash). The thirdparty sftware was ften utdated and cntained vulnerabilities. Typical suspects were Java, Adbe Flash, Internet Explrer. The file servers (files.int.aidx.ex, files.int.milx.ex) cntained vulnerabilities in bth required and nnrequired applicatins: FreeFlat FTP Server (OSVDB-88303), Oracle MySQL fr Micrsft Windws 17
18 (CVE ), Sielc Sistemi Winlg (CVE ), Sysax 5.53 SSH (OSVDB-79689). There were als typical issues like administrative user accunts with weak passwrds Attack Methds The methd f testing Blue Teams ability t cunter client-side attacks was simple. There was ne persn in White Team fr each Blue Team (called a blnde) whse task was t simulate the users f Blue systems. The blndes had t click n links t pen malicius web pages, dcuments r even executable files. As this prcess was nt autmatic the results fr different teams culd be cnsidered subjective. Naturally, mre active blndes culd cause mre harm. Opening the link triggered an attempt t explit vulnerabilities in sftware such as Java (CVE , CVE ), Adbe Flash Player (CVE ), Safari with Quicktime (CVE ), Internet Explrer (CVE ), and MS Office 2010 (CVE ). In sme cases Cbalt Strike's autexplit server was used t autmatically select the best explit. In general, this was nt needed as the targeting was easy fr Red Team members. They culd just request the blndes t pen the link r file with specific sftware. Typical paylads were Cbalt Strike Beacn and Metasplit Meterpreter. Red Team als acknwledged using DarkCmet RAT. The natural mve after gaining user-level access t Windws systems is t escalate privileges and dump the passwrd hashes. Althugh Pass-The-Hash (PTH) has been a well-knwn trick fr years, mitigating it is nt straightfrward and it very ften still wrks. PTH was tried by LS13 Red Team. CS team had in their pssessin a custm cde pre-planted int a few wrkstatins which is described in a separate sectin (Custm Pre-Planted Cde). At the end f the game Red Team als used insider attacks: VM that was cnnected int the internal netwrk simulating a cntractr's laptp Malware brught in and executed frm CD drive Results The first Cbalt Strike Beacns called hme a few minutes after 08:00Z - the time when the Red Team was allwed t start. The wrkstatins in the AID_INT zne f BT1, BT3, BT7, BT8 and BT10 cntacted the beacn servers during the first 20 minutes. Nte that, accrding t Cbalt Strike's activity lg, Red Team had Meterpreter sessins pen (these culd have been hung sessins) t wrkstatin in BT8 netwrk fr 4 minutes and BT7 fr 3 hurs during the first phase. Still, the first rund f the attack was reprted as a failure fr bth. The AID_INT wrkstatins fr all ther Blue Teams were nt cmprmised during phase I. It des nt necessarily mean that the ther teams did smething particularly clever. Often it was just nt pssible t access target systems. Main reasns fr this failure were: a. The wrkstatins were nt accessible t the blndes. b. The respective blnde was gne fr a lng time. c. After the first utbund request the target IP was blcked. d. Vulnerabilities were quickly patched r ther cuntermeasures applied s that the attempts failed. 18
19 e. Vulnerability was explitable but the Red Team was nt able t get t the shell. Fr instance, paylads were blcked by AV. The bjective t cmprmise a file server in AID_INT failed fr all the teams. The presumptin fr this attack was t have a fthld in the internal netwrk, but this was established in less than half the Blue Teams. In additin, infrmatin n the security issues f the file servers was shared between Blue Teams straight after the start f the game and all explitatin attempts failed. Gaining access using Pass-The-Hash wrked quite ften, but Red Team failed t explit it successfully as their Meterpreter paylads were detected and shell was nt btained Phase II Objectives During the secnd phase, the military netwrks als became targets. Red Team was als allwed t repeat the bjectives f the previus phase, but successful repetitin gave half the pints than it did the first time. New bjectives fr the CS were fllwing: O11: Gain fthld in MIL_INT segment, stay lw, and set up beacns (wrkstatins) O12: Cmprmise ne r mre wrkstatins in MIL_WEL Results When the secnd phase started, all Blue Teams had prtected their wrkstatins with security sftware. Sme teams had even tw different anti-virus prducts running. Mst f the Red Team members were nt prepared t use heavily custmised paylads in rder t evade IPS and AV. These security slutins d nt have any difficulties in detecting malicius executables generated by Metasplit Framewrk using the default templates. Therefre in mst cases explitatin f vulnerabilities in wrkstatins failed, dwnlads f executable files were blcked by firewalls r detected by AV/IPS, and a fthld was gained nly int the MIL_INT segments f BT1 and BT8. In the end f Day 1 members f the client-side team fund a way t kill MS Essentials under user privileges using a tl named Victr. This is ne f the reasns why BT1 and BT8 gt mre attentin and were cmprmised. In the case f ne McAfee installatin, RT claimed that a self-signed executable with a McAfee Inc string inside was sufficient t bypass it Phase III Objectives The aim f the third phase f the campaign was t achieve glbal reach targeting bth the Military s and the Aid rganisatins netwrks by repeating previusly defined bjectives and accmplishing the fllwing new nes: O15: Re-gain fthld in MIL_INT thrugh any hst (ws*.int.milx.ex). O16: Spread inside MIL_INT and set beacns (ws*.int.milx.ex, dc.int.milx.ex). O17: Cmprmise MIL_INT fileserver (files.int.milx.ex). 19
20 Results Frm the perspective f client-side attacks the situatin was similar t the previus day. Red Team members requested many new IPs fr all their attack servers and started t share links t the blndes. Typically, either the explits failed t run (vulnerabilities patched r detected by AV/IPS) r the IP addresses f the attackers were immediately blcked. Cmprmising the file server in MIL_INT failed fr all teams. In general, there were few exceptins: Windws 8 tablets in the MIL_WEL segment f BT1, BT2 and BT8 were hacked. Fthlds in MIL_INT were successfully regained fr BT1, BT4 and BT9 After lunch, nne f the Red Team members had a live Meterpreter sessin Phase IV Objectives In the final phase f the exercise, Red Team had t hack int the TV twer and replace the riginal vide feed with their wn. In reality tv.milx.ex was just a Linux system streaming a vide ver HTTP using VLC player. There were tw main attack vectrs: Backdred FTP server (vsfptd 2.3.4). Nte that Blue Teams were required t keep the FTP accessible nly frm MIL_WEL and MIL_INT althugh initially it was nt prperly firewalled. Vulnerable vide uplad service. The secnd gal f the CS team fr the final phase was t regain r maintain access t internal netwrks Results Red Team had under their cntrl ne VM inside each Blue Team's MIL_INT segment which was simulating a cntractr's laptp infected with malware. This was saved fr the last phase as the FTP service running n the TV twer cmputer was accessible nly frm internal segments. Unfrtunately fr the Red Team, the cntractr's laptp was cnfigured with similar static IP address (10.x.3.140) fr all Blue Teams. The rgue system was quickly discvered by BT8 and annunced t all the thers. Based n BT8 s bservatin it appears that instead f being quiet, Red Team started t prt scan internal netwrks, which naturally caused immediate detectin. Just befre the TV twer attack a grenade explded near the mbile cntainer where the hardware fr tv.milx.ex was lcated. This was an inject the purpse f which was t justify reverting the VMs. Blue Teams were tld that they had nly an ld backup s the machines were reverted t the initial vulnerable state and they lst all the changes. Red Team members upladed WSO Web Shell thrugh the vulnerable file uplad functinality and were able t change the streaming vide fr 6 teams. Typically, the cmprmise was quickly discvered (less than 5 minutes) and attackers kicked ff the server. The cmments fr the Blue Teams wh prevented this attack: BT2: tv.mil2.ex/uplads/ directry is nt writeable. BT3: tv.mil3.ex/uplads/ directry is nt writeable. 20
Helpdesk Support Tickets & Knowledgebase
Helpdesk Supprt Tickets & Knwledgebase User Guide Versin 1.0 Website: http://www.mag-extensin.cm Supprt: http://www.mag-extensin.cm/supprt Please read this user guide carefully, it will help yu eliminate
More informationDeployment Overview (Installation):
Cntents Deplyment Overview (Installatin):... 2 Installing Minr Updates:... 2 Dwnlading the installatin and latest update files:... 2 Installing the sftware:... 3 Uninstalling the sftware:... 3 Lgging int
More informationTen Steps for an Easy Install of the eg Enterprise Suite
Ten Steps fr an Easy Install f the eg Enterprise Suite (Acquire, Evaluate, and be mre Efficient!) Step 1: Dwnlad the eg Sftware; verify hardware and perating system pre-requisites Step 2: Obtain a valid
More informationServ-U Distributed Architecture Guide
Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v14.0.1.0 Page 1 f 16 Intrductin Serv-U
More informationInformation Services Hosting Arrangements
Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based
More informationExercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008
Exercise 5 Server Cnfiguratin, Web and FTP Instructins and preparatry questins Administratin f Cmputer Systems, Fall 2008 This dcument is available nline at: http://www.hh.se/te2003 Exercise 5 Server Cnfiguratin,
More informationSBClient and Microsoft Windows Terminal Server (Including Citrix Server)
SBClient and Micrsft Windws Terminal Server (Including Citrix Server) Cntents 1. Intrductin 2. SBClient Cmpatibility Infrmatin 3. SBClient Terminal Server Installatin Instructins 4. Reslving Perfrmance
More informationIT Help Desk Service Level Expectations Revised: 01/09/2012
IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+
More informationA Beginner s Guide to Building Virtual Web Servers
A Beginner s Guide t Building Virtual Web Servers Cntents Intrductin... 1 Why set up a web server?... 2 Installing Ubuntu 13.04... 2 Netwrk Set Up... 3 Installing Guest Additins... 4 Updating and Upgrading
More informationCallRex 4.2 Installation Guide
CallRex 4.2 Installatin Guide This dcument describes hw t install CallRex 4.2. It cvers the fllwing: CallRex 4.2 Cmpnents. Server Prerequisites. Perfrming the Installatin. Changing the Accunt Used by CallRex
More informationABELMed Platform Setup Conventions
ABELMed Platfrm Setup Cnventins 1 Intrductin 1.1 Purpse f this dcument The purpse f this dcument is t prvide prspective ABELMed licensees and their hardware vendrs with the infrmatin that they will require
More informationExercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008
Exercise 5 Server Cnfiguratin, Web and FTP Instructins and preparatry questins Administratin f Cmputer Systems, Fall 2008 This dcument is available nline at: http://www.hh.se/te2003 Exercise 5 Server Cnfiguratin,
More informationOrganisational self-migration guide an overview V1-5 April 2014
Organisatinal self-migratin guide an verview V1-5 April 2014 Cpyright 2013, Health and Scial Care Infrmatin Centre. 1 Self Migratin t NHSmail an verview fr rganisatins Cntents Intrductin 3 1. Initial preparatins
More informationImplementing ifolder Server in the DMZ with ifolder Data inside the Firewall
Implementing iflder Server in the DMZ with iflder Data inside the Firewall Nvell Cl Slutins AppNte www.nvell.cm/clslutins JULY 2004 OBJECTIVES The bjectives f this dcumentatin are as fllws: T cnfigure
More informationViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation
ViPNet VPN in Cisc Envirnment Supplement t ViPNet Dcumentatin 1991 2015 Inftecs Americas. All rights reserved. Versin: 00121-04 90 02 ENU This dcument is included in the sftware distributin kit and is
More informationData Protection Policy & Procedure
Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015
More informationInstructions for Configuring a SAFARI Montage Managed Home Access Expansion Server
Instructins fr Cnfiguring a SAFARI Mntage Managed Hme Access Expansin Server ~ Please read these instructins in their entirety befre yu begin. ~ These instructins explain hw t add a SAFARI Mntage Managed
More informationMobile Device Manager Admin Guide. Reports and Alerts
Mbile Device Manager Admin Guide Reprts and Alerts September, 2013 MDM Admin Guide Reprts and Alerts i Cntents Reprts and Alerts... 1 Reprts... 1 Alerts... 3 Viewing Alerts... 5 Keep in Mind...... 5 Overview
More informationMaaS360 Cloud Extender
MaaS360 Clud Extender Installatin Guide Cpyright 2012 Fiberlink Cmmunicatins Crpratin. All rights reserved. Infrmatin in this dcument is subject t change withut ntice. The sftware described in this dcument
More informationDisk Redundancy (RAID)
A Primer fr Business Dvana s Primers fr Business series are a set f shrt papers r guides intended fr business decisin makers, wh feel they are being bmbarded with terms and want t understand a cmplex tpic.
More informationServ-U Distributed Architecture Guide
Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v15.1.2.0 Page 1 f 20 Intrductin Serv-U
More informationFINRA Regulation Filing Application Batch Submissions
FINRA Regulatin Filing Applicatin Batch Submissins Cntents Descriptin... 2 Steps fr firms new t batch submissin... 2 Acquiring necessary FINRA accunts... 2 FTP Access t FINRA... 2 FTP Accunt n FINRA s
More informationBackupAssist SQL Add-on
WHITEPAPER BackupAssist Versin 6 www.backupassist.cm 2 Cntents 1. Requirements... 3 1.1 Remte SQL backup requirements:... 3 2. Intrductin... 4 3. SQL backups within BackupAssist... 5 3.1 Backing up system
More informationSaaS Listing CA Cloud Service Management
SaaS Listing CA Clud Service Management 1. Intrductin This dcument prvides standards and features that apply t the CA Clud Service Management (CSM) SaaS ffering prvided t the Custmer and defines the parameters
More informationIntegrating With incontact dbprovider & Screen Pops
Integrating With incntact dbprvider & Screen Pps incntact has tw primary pints f integratin. The first pint is between the incntact IVR (script) platfrm and the custmer s crprate database. The secnd pint
More informationThe Relativity Appliance Installation Guide
The Relativity Appliance Installatin Guide February 4, 2016 - Versin 9 & 9.1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
More informationSTIOffice Integration Installation, FAQ and Troubleshooting
STIOffice Integratin Installatin, FAQ and Trubleshting Installatin Steps G t the wrkstatin/server n which yu have the STIDistrict Net applicatin installed. On the STI Supprt page at http://supprt.sti-k12.cm/,
More informationHow to put together a Workforce Development Fund (WDF) claim 2015/16
Index Page 2 Hw t put tgether a Wrkfrce Develpment Fund (WDF) claim 2015/16 Intrductin What eligibility criteria d my establishment/s need t meet? Natinal Minimum Data Set fr Scial Care (NMDS-SC) and WDF
More informationLicensing Windows Server 2012 for use with virtualization technologies
Vlume Licensing brief Licensing Windws Server 2012 fr use with virtualizatin technlgies (VMware ESX/ESXi, Micrsft System Center 2012 Virtual Machine Manager, and Parallels Virtuzz) Table f Cntents This
More informationTaskCentre v4.5 Send Message (SMTP) Tool White Paper
TaskCentre v4.5 Send Message (SMTP) Tl White Paper Dcument Number: PD500-03-17-1_0-WP Orbis Sftware Limited 2010 Table f Cntents COPYRIGHT 1 TRADEMARKS 1 INTRODUCTION 2 Overview 2 FEATURES 2 GLOBAL CONFIGURATION
More informationHOWTO: How to configure SSL VPN tunnel gateway (office) to gateway
HOWTO: Hw t cnfigure SSL VPN tunnel gateway (ffice) t gateway Hw-t guides fr cnfiguring VPNs with GateDefender Integra Panda Security wants t ensure yu get the mst ut f GateDefender Integra. Fr this reasn,
More informationGETTING STARTED With the Control Panel Table of Contents
With the Cntrl Panel Table f Cntents Cntrl Panel Desktp... 2 Left Menu... 3 Infrmatin... 3 Plan Change... 3 Dmains... 3 Statistics... 4 Ttal Traffic... 4 Disk Quta... 4 Quick Access Desktp... 4 MAIN...
More informationPENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK
Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs
More informationChange Management Process
Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses
More informationFirewall/Proxy Server Settings to Access Hosted Environment. For Access Control Method (also known as access lists and usually used on routers)
Firewall/Prxy Server Settings t Access Hsted Envirnment Client firewall settings in mst cases depend n whether the firewall slutin uses a Stateful Inspectin prcess r ne that is cmmnly referred t as an
More informationArchiving IVTVision Video (Linux)
Archiving IVTVisin Vide (Linux) 1 Intrductin Because IVTVisin Server recrds vide using a straightfrward perating system file structure, archiving vide shuld be simple fr any IT prfessinal. This dcument
More informationHow To Install An Orin Failver Engine On A Network With A Network Card (Orin) On A 2Gigbook (Orion) On An Ipad (Orina) Orin (Ornet) Ornet (Orn
SlarWinds Technical Reference Preparing an Orin Failver Engine Installatin Intrductin t the Orin Failver Engine... 1 General... 1 Netwrk Architecture Optins and... 3 Server Architecture Optins and... 4
More informationSystems Support - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets
More informationWelcome to Remote Access Services (RAS)
Welcme t Remte Access Services (RAS) Our gal is t prvide yu with seamless access t the TD netwrk, including the TD intranet site, yur applicatins and files, and ther imprtant wrk resurces -- whether yu
More informationReadme File. Purpose. Introduction to Data Integration Management. Oracle s Hyperion Data Integration Management Release 9.2.
Oracle s Hyperin Data Integratin Management Release 9.2.1 Readme Readme File This file cntains the fllwing sectins: Purpse... 1 Intrductin t Data Integratin Management... 1 Data Integratin Management Adapters...
More informationInstallation Guide Marshal Reporting Console
Installatin Guide Installatin Guide Marshal Reprting Cnsle Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 2 Sftware Prerequisites 3 Installatin Prcedures 3 Appendix: Enabling
More informationOnline Network Administration Degree Programs
Online Schls, Degrees & Prgrams Blg Abut Archives Cntact Online Netwrk Administratin Degree Prgrams A Netwrk Administratr is smene respnsible fr the maintenance and perfrmance f cmputer hardware and sftware
More informationAVG AntiVirus Business Edition
AVG AntiVirus Business Editin User Manual Dcument revisin AVG.02 (30.9.2015) C pyright AVG Technlgies C Z, s.r.. All rights reserved. All ther trademarks are the prperty f their respective wners. Cntents
More informationHIPAA HITECH ACT Compliance, Review and Training Services
Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical
More informationMANAGED VULNERABILITY SCANNING
Abut SensePst SensePst is an independent and bjective rganisatin specialising in infrmatin security cnsulting, training, security assessment services and IT Vulnerability Management. SensePst is abut security.
More informationAladdin HASP SRM Key Problem Resolution
Aladdin HASP SRM Key Prblem Reslutin Installatin flwchart fr EmbrideryStudi and DecStudi e1.5 Discnnect frm the Internet and disable all anti-virus and firewall applicatins. Unplug all dngles. Insert nly
More informationWEB APPLICATION SECURITY TESTING
WEB APPLICATION SECURITY TESTING Cpyright 2012 ps_testware 1/7 Intrductin Nwadays every rganizatin faces the threat f attacks n web applicatins. Research shws that mre than half f all data breaches are
More informationOften people have questions about new or enhanced services. This is a list of commonly asked questions and answers regarding our new WebMail format.
Municipal Service Cmmissin Gerald P. Cle Frederick C. DeLisle Thmas M. Kaul Gregry L. Riggle Stanley A. Rutkwski Electric, Steam, Water Cable Televisin and High Speed Internet Service since 1889 Melanie
More informationInstallation Guide Marshal Reporting Console
INSTALLATION GUIDE Marshal Reprting Cnsle Installatin Guide Marshal Reprting Cnsle March, 2009 Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 3 Sftware Prerequisites 3 Installatin
More informationService Desk Self Service Overview
Tday s Date: 08/28/2008 Effective Date: 09/01/2008 Systems Invlved: Audience: Tpics in this Jb Aid: Backgrund: Service Desk Service Desk Self Service Overview All Service Desk Self Service Overview Service
More informationImproved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1
Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues
More informationInternet Service Definition. SD012v1.1
Internet Service Definitin SD012v1.1 Internet Service Definitin Service Overview InTechnlgy Internet Service is a permanent Internet cnnectivity slutin. The service cnnects custmers t the InTechnlgy natinal
More informationATL: Atlas Transformation Language. ATL Installation Guide
ATL: Atlas Transfrmatin Language ATL Installatin Guide - versin 0.1 - Nvember 2005 by ATLAS grup LINA & INRIA Nantes Cntent 1 Intrductin... 3 2 Installing ADT frm binaries... 3 2.1 Installing Eclipse and
More informationThe Ohio Board of Regents Credit When It s Due process identifies students who
Credit When It s Due/ Reverse Transfer FAQ fr students Ohi is participating in a natinal grant initiative, Credit When It s Due, designed t implement reverse-transfer, which is a prcess t award assciate
More informationNetworking Best Practices
Netwrking Best Practices Use f a Lad Balancer With Hitachi Cntent Platfrm and Hitachi Cntent Platfrm Anywhere By Hitachi Data Systems August 2015 Cntents Executive Summary... 3 Intrductin... 4 Lad Balancer
More informationNASDAQ BookViewer 2.0 User Guide
NASDAQ BkViewer 2.0 User Guide NASDAQ BkViewer 2.0 ffers a real-time view f the rder depth using the NASDAQ Ttalview prduct fr NASDAQ and ther exchange-listed securities including: The tp buy and sell
More informationCustomers FAQs for Webroot SecureAnywhere Identity Shield
Custmers FAQs fr Webrt SecureAnywhere Identity Shield Table f Cntents General Questins...2 Why is the bank ffering Webrt SecureAnywhere sftware?... 2 What des it prtect?... 2 Wh is Webrt?... 2 Is Webrt
More information990 e-postcard FAQ. Is there a charge to file form 990-N (e-postcard)? No, the e-postcard system is completely free.
990 e-pstcard FAQ Fr frequently asked questins abut filing the e-pstcard that are nt listed belw, brwse the FAQ at http://epstcard.frm990.rg/frmtsfaq.asp# (cpy and paste this link t yur brwser). General
More informationGetting Started Guide
AnswerDash Resurces http://answerdash.cm Cntextual help fr sales and supprt Getting Started Guide AnswerDash is cmmitted t helping yu achieve yur larger business gals. The utlined pre-launch cnsideratins
More informationFAQs for Webroot SecureAnywhere Identity Shield
FAQs fr Webrt SecureAnywhere Identity Shield Table f Cntents General Questins...2 Why is the bank ffering Webrt SecureAnywhere Identity Shield?... 2 What des it prtect?... 2 Wh is Webrt?... 2 Is the Webrt
More informationSoftware Update Notification
Sftware Update Ntificatin PSS0223-02 Mastersizer 3000 v1.01 sftware Abstract This dcument details the release f sftware PSS0223-02 v1.01 f the sftware fr the Mastersizer 3000 laser diffractin system. It
More informationVersion: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013
Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch
More informationVirtual Meetings and Virtual Teams Using Technology to Work Smarter
http://www.psu.edu/president/pia/innvatin/ INNOVATION INSIGHT SERIES NUMBER 9 Virtual Meetings and Virtual Teams Using Technlgy t Wrk Smarter Yu need t have a meeting. Sme f the peple yu d like t include
More informationX7500 Series, X4500 Scanner Series MFPs: LDAP Address Book and Authentication Configuration and Basic Troubleshooting Tips
X7500 Series, X4500 Scanner Series MFPs: LDAP Address Bk and Authenticatin Cnfiguratin and Basic Trubleshting Tips Lexmark Internatinal 1 Prerequisite Infrm atin In rder t cnfigure a Lexmark MFP fr LDAP
More informationSoftware and Hardware Change Management Policy for CDes Computer Labs
Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces
More informationBlue Link Solutions Terminal Server Configuration How to Install Blue Link Solutions in a Terminal Server Environment
Blue Link Slutins Terminal Server Cnfiguratin Hw t Install Blue Link Slutins in a Terminal Server Envirnment Prepared by: Darren Myher April 9, 2002 Table f Cntents Backgrund... 2 Applicatin Server mde
More informationDiagnosis and Troubleshooting
Diagnsis and Trubleshting DataDirect Cnnect Series ODBC Drivers Intrductin This paper discusses the diagnstic tls that are available t cnfigure and trublesht yur ODBC envirnment and prvides a trubleshting
More information2008 BA Insurance Systems Pty Ltd
2008 BA Insurance Systems Pty Ltd BAIS have been delivering insurance systems since 1993. Over the last 15 years, technlgy has mved at breakneck speed. BAIS has flurished in this here tday, gne tmrrw sftware
More informationUNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES
UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES REFERENCES AND RELATED POLICIES A. UC PPSM 2 -Definitin f Terms B. UC PPSM 12 -Nndiscriminatin in Emplyment C. UC PPSM 14 -Affirmative
More informationIntroduction LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE. 2015 Savision B.V. savision.com All rights reserved.
Rev 7.5.0 Intrductin 2 LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE 2015 Savisin B.V. savisin.cm All rights reserved. This manual, as well as the sftware described in it, is furnished under license and
More informationGrant Application Writing Tips and Tricks
Grant Applicatin Writing Tips and Tricks Grants are prvided by gvernment (lcal, state and natinal), charitable trusts, and by cmmunity rganisatins (eg Ltteries, Rtary, etc). Each grant has a specific purpse,
More informationACTIVITY MONITOR Real Time Monitor Employee Activity Monitor
ACTIVITY MONITOR Real Time Mnitr Emplyee Activity Mnitr This pwerful tl allws yu t track any LAN, giving yu the mst detailed infrmatin n what, hw and when yur netwrk users perfrmed. Whether it is a library
More informationWireless Light-Level Monitoring
Wireless Light-Level Mnitring ILT1000 ILT1000 Applicatin Nte Wireless Light-Level Mnitring 1 Wireless Light-Level Mnitring ILT1000 The affrdability, accessibility, and ease f use f wireless technlgy cmbined
More informationThe Allstate Foundation Domestic Violence Program 2015 Moving Ahead Financial Empowerment Grant
The Allstate Fundatin Dmestic Vilence Prgram 2015 Mving Ahead Financial Empwerment Grant Due Date: September 1, 2015 Online applicatin: https://www.grantrequest.cm/sid_1010?sa=sna&fid=35296 The Allstate
More informationRequest for Proposal Technology Services
Avca Schl District 37 Wilmette, IL Request fr Prpsal Technlgy Services Netwrk and Systems Infrastructure Management Services December 5, 2013 Avca Schl District 37 is seeking an IT cnsulting firm t manage
More informationAvatier Identity Management Suite
Avatier Identity Management Suite AIMS Versin 9 System Requirements Versin 9 2603 Camin Ramn Suite 110 San Ramn, CA 94583 Phne: 800-609-8610 925-217-5170 FAX: 925-217-0853 Email: supprt@avatier.cm Page
More informationIn addition to assisting with the disaster planning process, it is hoped this document will also::
First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business
More informationImplementing SQL Manage Quick Guide
Implementing SQL Manage Quick Guide The purpse f this dcument is t guide yu thrugh the quick prcess f implementing SQL Manage n SQL Server databases. SQL Manage is a ttal management slutin fr Micrsft SQL
More informationTelelink 6. Installation Manual
Telelink 6 Installatin Manual Table f cntents 1. SYSTEM REQUIREMENTS... 3 1.1. Hardware Requirements... 3 1.2. Sftware Requirements... 3 1.2.1. Platfrm... 3 1.2.1.1. Supprted Operating Systems... 3 1.2.1.2.
More informationNetwork Intrusion Detection
Netwrk Intrusin Detectin Best f Breed Prtectin with SNORT Implementing Snrt Snrt can be readily implemented with the help f a special Linux distributin named Sentinix (http://www.sentinix.rg). Wait a minute,
More informationEnsuring end-to-end protection of video integrity
White paper Ensuring end-t-end prtectin f vide integrity Prepared by: Jhn Rasmussen, Senir Technical Prduct Manager, Crprate Business Unit, Milestne Systems Date: May 22, 2015 Milestne Systems Ensuring
More informationLicensing Windows Server 2012 R2 for use with virtualization technologies
Vlume Licensing brief Licensing Windws Server 2012 R2 fr use with virtualizatin technlgies (VMware ESX/ESXi, Micrsft System Center 2012 R2 Virtual Machine Manager, and Parallels Virtuzz) Table f Cntents
More informationesupport Quick Start Guide
esupprt Quick Start Guide Last Updated: 5/11/10 Adirndack Slutins, Inc. Helping Yu Reach Yur Peak 908.725.8869 www.adirndackslutins.cm 1 Table f Cntents PURPOSE & INTRODUCTION... 3 HOW TO LOGIN... 3 SUBMITTING
More informationGetting started with Android
Getting started with Andrid Befre we begin, there is a prerequisite, which is t plug the Andrid device int yur cmputer, and lad the drivers fr the OS. In writing this article, I was using Windws XP, 7
More informationHP ExpertOne. HP2-T21: Administering HP Server Solutions. Table of Contents
HP ExpertOne HP2-T21: Administering HP Server Slutins Industry Standard Servers Exam preparatin guide Table f Cntents Overview 2 Why take the exam? 2 HP ATP Server Administratr V8 certificatin 2 Wh shuld
More informationUser Guide Version 3.9
User Guide Versin 3.9 Page 2 f 22 Summary Cntents 1 INTRODUCTION... 3 1.1 2 CREATE A NEW ACCOUNT... 4 2.1 2.2 3 NAVIGATION... 3 CREATE AN EMAIL ACCOUNT... 4 CREATE AN ALIAS ACCOUNT... 6 MODIFYING AN EXISTING
More informationJunos Pulse Instructions for Windows and Mac OS X
Juns Pulse Instructins fr Windws and Mac OS X When yu pen the Juns client fr the first time yu get the fllwing screen. This screen shws yu have n cnnectins. Create a new cnnectin by clicking n the + icn.
More informationGUIDANCE FOR BUSINESS ASSOCIATES
GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.
More informationEmail Setup PPD IT How-to Guides June 2010
Email Setup Cntents Email Infrmatin... 2 IMAP and POP3 settings... 2 Cnfiguring Micrsft Outlk 2007... 2 Archiving mail... 3 Cnfiguring AutArchive in Micrsft Outlk 2007... 3 Access frm ff site... 4 Cnfiguring
More informationWebalo Pro Appliance Setup
Webal Pr Appliance Setup 1. Dwnlad the Webal virtual appliance apprpriate fr yur virtualizatin infrastructure, using the link yu were emailed. The virtual appliance is delivered as a.zip file that is n
More informationThe Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future
The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents
More informationSoftware Distribution
Sftware Distributin Quantrax has autmated many f the prcesses invlved in distributing new cde t clients. This will greatly reduce the time taken t get fixes laded nt clients systems. The new prcedures
More informationCSC IT practix Recommendations
CSC IT practix Recmmendatins CSC Healthcare 28th January 2014 Versin 3 www.csc.cm/glbalhealthcare Cntents 1 Imprtant infrmatin 3 2 IT Specificatins 4 2.1 Wrkstatins... 4 2.2 Minimum Server with 1-5 wrkstatins
More informationBest Practice - Pentaho BA for High Availability
Best Practice - Pentah BA fr High Availability This page intentinally left blank. Cntents Overview... 1 Pentah Server High Availability Intrductin... 2 Prerequisites... 3 Pint Each Server t Same Database
More informationGetting Started Guide
fr SQL Server www.lgbinder.cm Getting Started Guide Dcument versin 1 Cntents Installing LOGbinder fr SQL Server... 3 Step 1 Select Server and Check Requirements... 3 Select Server... 3 Sftware Requirements...
More informationE-Biz Web Hosting Control Panel
1 f 38 E-Biz Web Hsting Cntrl Panel This dcument has been created t give yu a useful insight in t the Hsting Cntrl Panel available with E-Biz hsting services. Please nte: Optins available are dependent
More informationUsing Sentry-go Enterprise/ASPX for Sentry-go Quick & Plus! monitors
Using Sentry-g Enterprise/ASPX fr Sentry-g Quick & Plus! mnitrs 3Ds (UK) Limited, February, 2014 http://www.sentry-g.cm Be Practive, Nt Reactive! Intrductin Sentry-g Enterprise Reprting is a self-cntained
More informationAMWA Chapter Subgroups on LinkedIn Guidance for Subgroup Managers and Chapter Leaders, updated 2-12-15
AMWA Chapter Subgrups n LinkedIn Guidance fr Subgrup Managers and Chapter Leaders, updated 2-12-15 1. Chapters may nt have an independent grup n LinkedIn, Facebk, r ther scial netwrking site. AMWA prvides
More informationBRILL s Editorial Manager (EM) Manual for Authors Table of Contents
BRILL s Editrial Manager (EM) Manual fr Authrs Table f Cntents Intrductin... 2 1. Getting Started: Creating an Accunt... 2 2. Lgging int EM... 3 3. Changing Yur Access Cdes and Cntact Infrmatin... 3 3.1
More informationHow To Migrate To A Networks Dmain Name Service On A Pc Or Macbook (For Pc) On A Linux Computer (For Macbook) On An Ipad Or Ipad (For Ipad) On Pc Or Ipa (For
Reprt: April 12, 2011 By Erick Engelke I have rganized my tasks arund tw majr prblems: 1. Define the new active directry a. Dmain Name Service fr the dmain - cmplete b. Dmain layut, structuring f Organizatinal
More information