Cyber Defence Exercise Locked Shields After Action Report

Size: px
Start display at page:

Download "Cyber Defence Exercise Locked Shields 2013. After Action Report"

Transcription

1 Cyber Defence Exercise Lcked Shields 2013 After Actin Reprt Tallinn 2013

2 1 Executive Summary This reprt describes the technical cyber defence exercise (CDX) named Lcked Shields 2013 (LS13). The intended target audience f the dcument cnsists f: the Blue Teams f LS13, t give them a detailed verview f the events and prvide feedback; parties wh cnduct similar exercises, t share ur experiences with the cmmunity; and the rganisers f the Lcked Shields, t identify lessns n hw t imprve future exercises. LS13 was a technical CDX executed n April Ten Blue Teams, cnsisting f up t 10 experts in IT and 1-2 legal advisrs, were the main training audience. They were acting as rapid reactin teams wh had t defend virtual netwrks against the Red Team's attacks, accmplish rders given by headquarters, fllw the lcal news and respnd t media inquiries, and analyse the legal aspects f their missin. The main bjective f LS13 was t test the skills f the Blue Team members, educate the legal experts n IT and pressure the lawyers with cmplex legal tasks. The scenari engaged the Blue Teams in a missin under UN mandate in a fictinal cuntry called Blea where the cnflict between the nrthern and suthern tribes had escalated t a level where the lcal gvernment was frced t request help frm the internatinal cmmunity. In additin t traditinal hstilities, cyber attacks began in April 2013 against the IT systems f lcal Aid rganisatins. Ten Blue Teams were requested t be deplyed in rder t prtect unclassified military netwrks and Aid rganisatins' netwrks. The Blue Teams were well prepared and were mre successful in preventing, detecting and mitigating the attacks than thse in previus Lcked Shields exercises. In the cntext f LS13, the fllwing areas were mst challenging fr the Blue Teams: Defending web applicatins. Detecting custm malicius cde. Mitigating BGP hijacking attacks. Initiating efficient infrmatin sharing. A Red Team cmpsed f ad-hc vlunteers is n lnger sufficient t prvide realistic challenges fr the Blue Teams. Mre permanent, better prepared and better c-perating teams are needed. Better tls are required t prvide feedback t the Blue Teams n the ffensive campaign. The technical platfrm fr LS13 was stable and perfrmed well. Building a Gamenet which includes mdern technlgies (e.g. mbile devices) and scenari specific cmpnents (e.g. military C&C systems) t reflect mre clsely the cmplexity f real wrld netwrks remains a challenge. LS13 was rganised in cperatin with the NATO Cperative Cyber Defence Centre f Excellence, the Estnian Infrmatin Systems Authrity, Estnian Defence Frces, the Estnian Cyber Defence League, Finnish Defence Frces and many ther partners.

3 2 Cntents 1 Executive Summary Cntents Overview f Lcked Shields Cncept Timeline Training Objectives Descriptin f the Teams Blue Teams and Legal Advisrs White Team Red Team Green Team Yellw Team Participants Scenari Scenari in a Nutshell General Backgrund Recent Develpments Technical Envirnment Cre Infrastructure Gamenet Scring Red Team Campaign Overview Red Team Objectives Tlset Client-Side Team Phase I Phase II Phase III Phase IV Custm Pre-Planted Cde... 21

4 4.5 WEB Team Phase I Phase II Phase III Phase IV Netwrk and Mixed Team Phase I Phase II Phase III Phase IV Pst-Explitatin Balance f the Attacks Cnclusins Blue Team Defence Campaign Intrductin Preparatins Cmmn Practices Blcking Access and RBL Less Cmmn Practices Questinable r Frbidden Practices Security Sftware n Windws Systems Infrmatin Sharing Scres Injects Scenari Injects Media Injects Legal Injects Legal Play Intrductin Injects Team Setup Feedback n Executin Results Recmmendatins t the Blue Teams

5 8.1 Prtecting Web Applicatins Prtecting ther Parts f the Infrastructure Reprting and Infrmatin Sharing Intrductin Yellw Team Feedback fr the Blue Teams Cnclusins Media Respnse Observatins and Recmmendatins t Imprve Lcked Shields Exercise Organisatin Scenari Teams White Team Red Team Green Team Legal Team Yellw Team Cmmunicatin Infrmatin Sharing and Cllabratin Situatinal Awareness Scring Technical Envirnment Cre Infrastructure Cllabratin, SA and Scring Platfrm Gamenet Rules Administrative Issues Acknwledgements Acrnyms

6 3 Overview f Lcked Shields 3.1 Cncept The key characteristics f LS13 were as fllws: It was a live, technical, Blue/Red Team exercise: Blue Teams had t defend netwrks against real-time attacks. It was internatinal: 18 rganisatins frm 15 natins were engaged int preparing and executing LS13. The type f the exercise was a game: the teams did nt represent the real rganisatins they are wrking fr during their daily jbs but were placed int fictinal rles. A lab envirnment was used instead f prductin netwrks. Over the curse f tw days the Blue Teams had t defend a pre-built netwrk cnsisting f rughly 35 virtual machines against the Red Team's attacks. The infrastructure was initially insecure and full f vulnerabilities. T prvide feedback t the teams and measure the success f different strategies and tactics, Blue Teams were assigned autmatic and manual scres. Each Blue Team was accmpanied by 1 r 2 legal advisrs t encurage and facilitate cperatin, cmmunicatin and understanding between the technical and legal experts. Red Team members were nt cmpeting with each ther. Their bjective was t cnduct equally balanced attacks n all the Blue Teams netwrks. LS13 was rganised by NATO CCD COE in cperatin with Estnian Defence Frces, the Estnian Infrmatin Systems' Authrity, the Estnian Cyber Defence League, Finnish Defence Frces, and many ther partners. 3.2 Timeline The timeline and main events list fr LS13 can be fund in the fllwing table. Date Event 22 Nv 2012 Initial Planning Cnference (IPC) 8-9 Jan 2013 Main Planning Cnference (MPC) 15 Mar 2013 Test Run 26 Mar 2013 Final Planning Cnference (FPC) 04 Apr :00Z (15:00 EEST) Webinar I: General Infrmatin. Strategies and tactics - lk int CDX 11 Apr :00Z (15:00 Webinar II: General Infrmatin. Reprting. Legal play EEST) Apr 2013 Preparatin Days: access fr Blue Teams t Gamenet 18 Apr :00Z (15:00 Webinar III: General Infrmatin. Scring. VSRm EEST) Apr 2013 Executin and Ht Wash-Up

7 5 Jul 2013 After Actin Reprt Review 3.3 Training Objectives The bjective was t test the skills f Blue Teams in the fllwing areas: 1. Learning the netwrk. Blue Teams were respnsible fr securing and maintaining systems previusly unknwn t them. They had t cmpile lists f assets and vulnerabilities, assign pririties t the assets, etc. 2. System administratin and preventin f attacks. Administrative tasks and hardening cnfiguratins were cntinuus activities. Day 0 vulnerabilities were simulated by nt allwing the teams t patch certain systems. 3. Mnitring netwrks, detecting and respnding t attacks. Gd mnitring skill was the key capability required t defeat the Red Team. 4. Handling cyber incidents. Priritisatin, reactin-time, and clarity f shared infrmatin were cnsidered when measuring this aspect. 5. Teamwrk: delegatin, dividing and assigning rles, leadership. The teams were verladed with tasks s that better rganised and managed teams wuld be mre successful. 6. Natinal and internatinal cperatin. Infrmatin sharing. 7. Reprting. Blue Teams were tasked t set up redundant links between their ruting infrastructures t fster cperatin between them. Cperative teams sharing valuable infrmatin were assigned bnus pints. Teams refusing t cperate were assigned a negative scre. Blue Teams were expected t cntinuusly prvide lightweight reprts t the White Team. The main aspects measuring their success were timeliness, crrectness, accuracy and clarity. 8. Ability t cnvey the big picture. Blue Teams were expected t cmpile management reprts and respnd t media requests. 9. Crisis cmmunicatin. The Media Simulatin Cell evaluated the speed, accuracy, lgic and reactin f Blue Teams' spkespeple when respnding t media requests. The legal play was set up s that there was at least ne legal advisr in each Blue Team. The training bjectives fr them were as fllws: 1. T have the legal advisrs analyse the cmplex legal issues arising in the cntext f an armed cnflict. 2. T facilitate cmmunicatin between the legal and technical experts. 3. T educate the legal experts abut IT. 4. T an extent, t educate the technical experts abut the law. 7

8 3.4 Descriptin f the Teams In this sectin we describe briefly the teams invlved in the LS exercises. Mre details can be fund at Annex I: Detailed Descriptin f the Teams Blue Teams and Legal Advisrs Blue Teams (BT) and the legal advisrs engaged with them are the main training audience f LS exercises. In LS13, Blue Teams represented military rapid reactin teams whse main task was t secure and prtect a pre-built infrastructure against the Red Team's attacks. There were tw main netwrk segments: an unclassified netwrk fr military units, and the netwrks running services fr Aid rganisatins deplyed in the cnflict area. Blue Teams were als expected t: a. cntinuusly send reprts t Headquarters t keep management infrmed abut incidents and ther events; b. respnd t media queries; c. accmplish additinal tasks sent frm the HQ. Legal advisrs had t brief ther members f the Blue Team abut their legal status, applicable law, rights and bligatins; and answer different questins n legal aspects raised by the HQ. There were als ut-f-the-game technical quizzes which the legal advisrs were suppsed t answer White Team The White Team (WT) had respnsibility fr preparing the exercise and cntrlling it during Executin. They defined the training bjectives, scenari, and high-level bjectives fr the Red Team, 8

9 wrte the rules, prepared media, scenari and legal injects and the cmmunicatin plan. During Executin, the White Team acted as the exercise cntrller's cell by deciding when t start different phases, cntrlling the executin f the Red Team's campaign, and making scring decisins. Management (HQ), user and media simulatin were als part f White Team's business. There was ne persn per Blue Team wh acted as a liaisn fficer Red Team The Red Team s (RT) missin was t cmprmise r degrade the perfrmance f the Blue Team systems. They had altgether 20 pre-defined bjectives. They were allwed t repeat sme bjectives during the next phases. The fcus f Lcked Shields exercises is t train the Blue Teams; therefre, Red Team members are mainly cnsidered as the wrk-frce t challenge the Blue Teams. In principle, the Red Team uses a white-bx apprach; technical details f the initial cnfiguratin f the Blue Team systems were available fr the Red Team befrehand Green Team The Green Team (GT) was respnsible fr preparing the technical infrastructure. GT had t carry ut the fllwing tasks: Design, set up and cnfigure the cre infrastructure: physical devices, virtualisatin platfrm, strage, netwrking, remte access, traffic recrding, VPN ruters fr the Blue Teams, user accunts, etc. Design and build the Gamenet and Blue Team netwrks. Prgram the autmatic scring bt and agents. Develp slutins fr traffic generatin. Set up slutins fr mnitring the general exercise infrastructure Yellw Team The Yellw Team's (YT) rle was t prvide situatinal awareness abut the game, mainly t the White Team but als t all ther participants. The main surces f data fr the Yellw Team were lightweight reprts prvided by the Blue Teams, reprts n the status f attack campaigns received frm Red Team members, and the results f autmatic and manual scring. The Yellw Team analyst had interfaces t review all the reprts and assign them tags based n the cntent f the reprt. Regular highlight updates were prvided t White Team leader and t the Blue Teams. Yellw Team als prepared different views and visualisatins f the situatin. 3.5 Participants Blue Teams frm the fllwing natins/rganisatins participated in LS13: DEU, ESP, EST, FIN, ITA, LTU, NATO NCIRC, NLD, POL, SVK. The White Team, Red Team, Green Team and Yellw Team were staffed with peple frm the NATO CCD COE, Estnian Defence Frces, the Estnian Infrmatin System's Authrity, the Estnian Cyber 9

10 Defence League, Finnish Defence Frces, the Swedish Natinal Defence Cllege, the NATO Cmputer Incident Respnse Capability-Technical Centre, the French Ministry f Defence, the Plish Ministry f Natinal Defence, CERT-LV, Lughbrugh University, Clarified Security, Clarified Netwrks, and ByteLife. 3.6 Scenari This sectin describes the backgrund scenari used fr LS Scenari in a Nutshell Lcatin: Blea, a failing state n an island ff the cast f Western Africa (think Smalia as an island). Cnflict: suthern tribes want t eliminate the nrthern tribes, gvernment unable t stp the fighting (think Rwanda). A UN-authrised internatinal calitin is in the cuntry with the cnsent f the Blean gvernment t stp ethnic cleansing and restre peace (think ISAF). The spring ffensive has fixed the calitin military frces in the suth. A chlera epidemic has started amng the nrthern tribes (think Haiti). Internatinal Aid rganisatins have few resurces in-cuntry, but are mbilising t deal with the epidemic. Aid rganisatins reprt cyber attacks against their systems in-cuntry and ask fr calitin assistance until crisis respnse teams fly in (ETA 2 days). BLUE: calitin military IT teams tasked t prvide and secure bth calitin unclassified systems and Aid rganisatins systems in-cuntry until Aid crisis respnse teams arrive. RED: lcal extremists (expected skill level lw t medium); pssible interventin frm internatinal terrrist rganisatin (expected skill level medium t high). Attacker's main gal is t impede the humanitarian relief peratin in the nrth and t bleed calitin resurces General Backgrund There is an internatinal calitin peratin in Blea, an island republic lcated ff the western cast f Africa, rughly 800 km nrth-west-west f Tenerife. While the size f the island is cmparable t Ireland, the climate and landscape are mre akin t Mrcc. The cuntry is pr and the lcal infrastructure is primitive, especially in terms f sanitatin, cmmunicatins, medical services and educatin. Internet cnnectivity with the rest f the wrld, fr example, is unreliable and lw-bandwidth. Cnnectivity within the cuntry is limited t urban centres, which make use f numerus free (and annymus) wireless netwrks. The cuntry has n CERT r IT-savvy law enfrcement. This frces mst internatinal actrs t rely either n expensive satellite cnnectivity r n lcally perated systems. Fr decades the Blean gvernment has been challenged fr pwer by a racist extremist mvement called Blea Is Tarnished (BIT). In 2011 BIT prceeded with a ruthless ethnic cleansing campaign against the tribes inhabiting the nrthern half f the island. In 2012 the internatinal cmmunity intervened with a UN-authrised peratin t stp the atrcities. While initially successful in securing nrthern areas, the calitin is still encuntering heavy resistance in the suth. Althugh there is n distinct frnt line, there are daily fire-fights, IED (imprvised explsive device) encunters, 10

11 suicide bmbings, kidnappings, etc. Mst f the vilence is targeted against internatinal humanitarian grups and civilians f the nrthern tribe. While generally a lcal affair, there are rumurs f weapns shipments and training prvided by an internatinal terrrist rganisatin. Accrding t intelligence analysts, this grup is interested in bleeding the resurces f the cmmitted states as part f a lng-term campaign t weaken EU and NATO. Such supprt enables the BIT t penly challenge the military might f the calitin, ften making use f unexpectedly cmplex tactics and technlgies Recent Develpments It is nw 24 April. One week ag the BIT started their spring ffensive. S far, they have managed t capture sme twns and villages in the suthern part f the cuntry. Calitin frces mved t take back the lst grund, but encuntered heavy resistance and are nw fully engaged in the suth. Three days ag, a chlera epidemic started spreading amng the civilian ppulatin in the nrth. The surce f the epidemic is prbably the water supply system. Sme BIT members were captured trying t pisn wells, s it may be smehw related t the spring ffensive. Due t pr hygiene and inadequate medical infrastructure in the cuntry, the epidemic is expected t spread if left unchecked. The gvernment immediately asked the internatinal cmmunity fr humanitarian assistance. UN and aid rganisatins that already perate in the cuntry reprt that their initial respnse capability is severely limited. Crisis respnse teams have been mbilised and are expected t arrive within a cuple f days. Calitin frces are still engaged and cannt spare significant manpwer t assist with the relief peratin. Aid rganisatins reprt that their lcal IT systems are under cyber attack. This makes it very hard t crdinate the relief effrt. Their systems are nt built with security in mind and they have n cyber security experts in-cuntry. The Aid rganisatins ask the calitin t prvide 10 IT supprt teams (cde name: Blue) wh culd assist in keeping the systems running at 10 different sites fr 2-3 days until crisis respnse teams frm the Aid rganisatins arrive. The calitin leadership agrees. Hwever, the Blue Teams must still maintain their wn systems, which prvide unclassified services (cmmunicating with the lcal gvernment and Aid rganisatins, as well as prviding welfare services) t calitin units. This means they have t perate systems in tw different sites with tw different plicies. This mrning the Blue teams deply t assist the Aid rganisatins. 3.7 Technical Envirnment Cre Infrastructure Designing and implementing an envirnment fr a technical cyber battlefield is nt a trivial task. The exercise lasts nly few days but during that perid the lads are high (mre than 400 virtual machines running simultaneusly) and Red Team is actually expected t break the systems. 11

12 LS13 infrastructure was hsted by the Estnian Defence Frces. All cmpnents f the Gamenet were virtualised. Participants gt access t the envirnment ver the VPN. This time a cmmercial slutin was chsen fr f several reasns. The main cmpnents were Cisc UCS platfrms and blade servers, EMC strage devices and VMware vsphere 5.0 virtualisatin platfrm. A detailed descriptin f the cre infrastructure is prvided in Annex II: Cre Infrastructure Gamenet Each Blue Team had t defend an identical netwrk cnsisting f 34 virtual machines (VMs): Cisc VSR 1000v virtual ruter. Endian Linux firewalls. Windws and Linux wrkstatins. Dmain cntrllers, file servers. DNS and mail servers. Linux and Windws servers fr hsting web applicatins and database servers. In additin, Blue Teams culd build 2 VMs themselves and integrate them int their netwrks. A detailed descriptin f the Gamenet and Blue Team systems can be fund at: Annex III: Gamenet. 3.8 Scring T measure the perfrmance f the Blue Teams and give them feedback, 8 categries fr the scres were defined: 1. Availability f prvided services Blue Teams had a list f required services which were cnstantly checked by the scring bt. Fr each service, a weight was defined which crrespnded t the scre ne culd get fr 100% availability f that service. 2. SLA bnus If the uptime f a service was within 90% (daily scre/8h), bnus pints were assigned fr that specific service. 3. Successful Red Team attack Every time the Red Team successfully accmplished an bjective, a pre-defined negative scre was assigned. Repeating the bjective gave half the negative pints the secnd time. 4. Lightweight incident reprting This was dne nce per hur. 5. Situatin reprts (SITREPs) t management Blue Teams had t cmpile 2 SITREPs per day, each f them were scred separately. 6. Respnding t injects (scenari, media, legal) All injects were separately scred based n pre-defined criteria. 7. VM reverts Each VM revert cst -100 pints. 8. Special scring 12

13 Bnus pints were awarded t Blue Teams fr utstanding perfrmance e.g. fr cperatin and inf sharing. Psitive pints were awarded t balance Green Team mistakes. Penalties were impsed fr breaking the in-game rules. Fr instance, remving functinality f services after a warning. If the warning was ineffective, the VM was reverted. The detailed scring table is nt published t avid Blue Teams pre-calculating winning strategies and fcusing n hw t defeat the scring system. The fllwing chart is an apprximatin f the weight f each categry. Nte that sme categries such as special scring d nt have an upper limit. 13

14 4 Red Team Campaign 4.1 Overview The ffensive peratin was divided int 4 phases. The timeframe fr each phase was pre-planned, but White Team had the final right t decide when t mve n with the campaign. Altgether 20 specific bjectives were defined. Red Team culd repeat the bjectives frm previus phases but the amunt f negative pints awarded t the Blue Teams decreased by half with every successful repetitin. After the STARTEX was annunced and Gamenet pened there was a 30-minute time windw when the Red Team was nt allwed t cmprmise any systems. Generating nise and scanning activities were permitted. At least ne Blue Team felt that this time windw was nt respected by all Red Team members, and that explitatin activities had in fact started earlier. 4.2 Red Team Objectives The Red Team bjectives are prvided in the fllwing table: nr descriptin zne intended target phase subteam 1 Deface with BIT message and pint t malware fr distractin. Media Team prpsal fr first rund: img1.jpg Media Team prpsal fr secnd rund: img2.jpg Aid_DMZ cunting.aidx.ex 1 WEB 2 Delete cntent, destry the hst as much pssible t keep BT busy in Aid_DMZ. I wuld nly steal at this phase and destry in next. Successful cmprmise can be prved by prviding the hash frm /etc/hash Aid_DMZ chat.aidx.ex 1 WEB 3 Change bank accunt numbers fr dnatins. File where the bank accunt details are written is /var/www/app/templates/dnate.t pl Aid_DMZ 1 WEB 4 Cmprmise and steal vlunteer database: database www and table vlunteers. It culd be stlen directly frm Aid_DMZ db.aidx.ex 1 WEB 14

15 nr descriptin zne intended target phase subteam db.aidx.ex r thrugh by gaining access t On the cde field each vlunteer has the same hash which has t be reprted t prve success. 5 Gain fthld in AID_INT. Steal C:\Users\Public\Dcuments\Rep rt1_aid.txt fr evidence. Prvide the MD5 hash inserted in the end f the file as a prf. AID_INT ws2.int.aidx.ex ws4.int.aidx.ex (ptinal) 1 CS 6 Spread inside AID_INT t ther hsts and set beacns. AID_INT dc.int.aidx.ex (ptinal) ws*.int.aidx.ex 1 CS 7 Cmprmise AID_INT fileserver. Steal Reprt5_aid.txt frm C:\Dcuments and Settings\All Users\Dcuments fr evidence. Prvide the MD5 hash inserted in the end f the file as a prf. AID_INT files.int.aidx.ex 1 CS 8 Insert malicius cde t MIL public website in rder t initiate water-hle attack and infect MIL_INT and MIL_WEL wrkstatins. MIL_DMZ 2 WEB 9 10 Cmprmise mail server in MIL_DMZ and steal specific s. Cmprmise mail server in Aid_DMZ and steal specific s. MIL_DMZ mail.milx.ex 2 WEB Aid_DMZ mail.aidx.ex 2 WEB 11 Gain fthld in MIL_INT, stay lw, set up beacn. MIL_INT ws2.int.milx.ex ws4.int.milx.ex (ptinal) ws5.int.milx.ex (ptinal) 2 CS 12 Cmprmise ne r mre wrkstatins n MIL_WEL. MIL_WEL ws1.wel.milx.ex (ptinal) 2 CS 15

16 nr descriptin zne intended target phase subteam Steal the reprt frm C:\Users\Public\Dcuments\Rep rt1_mil.txt. Prvide the MD5 hash inserted in the end f the file as a prf. ws2.wel.milx.ex 13 Insert fake rders in Aid persnnel tasking system leading them t ambush. Aid_DMZ help.aidx.ex 3 WEB 14 Gain and maintain access t the DNS servers. Steal hash frm /etc/hash as a prf. Aid_DMZ dns.aidx.ex 3 WEB 15 Re-gain fthld in MIL_INT thrugh any hst. MIL_INT ws2.int.milx.ex ws4.int.milx.ex (ptinal) 3 CS 16 Spread inside MIL_INT, set beacns. MIL_INT dc.int.milx.ex (ptinal) ws*.int.milx.ex 3 CS 17 Cmprmise MIL_INT fileserver. Steal reprt Reprt5_mil.txt frm C:\Dcuments and Settings\All Users\Dcument. Prvide the MD5 hash inserted in the end f the file as a prf. MIL_INT files.int.milx.ex 3 CS 18 Gain access, steal the hash frm /etc/hash as prf, maintain access. MIL_DMZ dns.milx.ex 3 WEB 19 Replace the vide feed n TV twer (via MIL_INT, MIL_WEL r directly). By default the fllwing file is streamed and therefre shuld be replaced: /var/www/stream/1.mp4 MIL_DMZ tv.milx.ex 4 CS 20 Cnduct ruting attack against MIL_DMZ. MIL_DMZ csr.milx.ex 4 NET 16

17 4.3 Tlset Fr LS exercises, Red Team members were allwed t bring in whatever tls they liked, prvided that the licensing cnditins were fllwed. Frm the cllabratin perspective it was imprtant that the tlset was at least t sme extent standardised. The fllwing lists main distributins and the mst imprtant sftware that was used t cnduct the attacks: Kali and BackTrack5 Linux. Cbalt Strike. Raphael Mudge, the develper f the sftware, spnsred the event and prvided LS13 Red Team an ptin t test it ut during the Executin. Metasplit Framewrk (free pen-surce versin f Metasplit). 4.4 Client-Side Team Client-Side (CS) Team was mainly respnsible fr attacking Windws and Linux wrkstatins using client-side explits and, after gaining fthld, trying t cmprmise the file servers and dmain cntrllers lcated in internal segments Phase I Objectives The general bjective fr the first phase was t fcus n targeting the Aid rganisatins internal zne (AID_INT). CS team was expected t fulfil the fllwing tasks: O5: Gain fthld in the AID_INT segment (wrkstatins). O6: Spread inside AID_INT t ther hsts and set beacns (dc.int.aidx.ex, ws*.int.aidx.ex). O7: Cmprmise a file server in AID_INT (files.int.aidx.ex) Targets The internal netwrks in bth MIL side and Aid side had 2 Windws XP VMs, 2 Windws 7 VMs and 1 Ubuntu Linux VM. Obviusly, this means the netwrks were extremely small cmpared t real-wrld situatins where large rganisatins have thusands f cmputers in a dmain. As the legitimate traffic generatin system typically did nt wrk, it made defence easier. Green Team tried t keep the perating systems up t date and remve nly specific patches. Same lcal administratr accunts were created n all Windws machines (ne vectr t enable Pass-the-Hash). The thirdparty sftware was ften utdated and cntained vulnerabilities. Typical suspects were Java, Adbe Flash, Internet Explrer. The file servers (files.int.aidx.ex, files.int.milx.ex) cntained vulnerabilities in bth required and nnrequired applicatins: FreeFlat FTP Server (OSVDB-88303), Oracle MySQL fr Micrsft Windws 17

18 (CVE ), Sielc Sistemi Winlg (CVE ), Sysax 5.53 SSH (OSVDB-79689). There were als typical issues like administrative user accunts with weak passwrds Attack Methds The methd f testing Blue Teams ability t cunter client-side attacks was simple. There was ne persn in White Team fr each Blue Team (called a blnde) whse task was t simulate the users f Blue systems. The blndes had t click n links t pen malicius web pages, dcuments r even executable files. As this prcess was nt autmatic the results fr different teams culd be cnsidered subjective. Naturally, mre active blndes culd cause mre harm. Opening the link triggered an attempt t explit vulnerabilities in sftware such as Java (CVE , CVE ), Adbe Flash Player (CVE ), Safari with Quicktime (CVE ), Internet Explrer (CVE ), and MS Office 2010 (CVE ). In sme cases Cbalt Strike's autexplit server was used t autmatically select the best explit. In general, this was nt needed as the targeting was easy fr Red Team members. They culd just request the blndes t pen the link r file with specific sftware. Typical paylads were Cbalt Strike Beacn and Metasplit Meterpreter. Red Team als acknwledged using DarkCmet RAT. The natural mve after gaining user-level access t Windws systems is t escalate privileges and dump the passwrd hashes. Althugh Pass-The-Hash (PTH) has been a well-knwn trick fr years, mitigating it is nt straightfrward and it very ften still wrks. PTH was tried by LS13 Red Team. CS team had in their pssessin a custm cde pre-planted int a few wrkstatins which is described in a separate sectin (Custm Pre-Planted Cde). At the end f the game Red Team als used insider attacks: VM that was cnnected int the internal netwrk simulating a cntractr's laptp Malware brught in and executed frm CD drive Results The first Cbalt Strike Beacns called hme a few minutes after 08:00Z - the time when the Red Team was allwed t start. The wrkstatins in the AID_INT zne f BT1, BT3, BT7, BT8 and BT10 cntacted the beacn servers during the first 20 minutes. Nte that, accrding t Cbalt Strike's activity lg, Red Team had Meterpreter sessins pen (these culd have been hung sessins) t wrkstatin in BT8 netwrk fr 4 minutes and BT7 fr 3 hurs during the first phase. Still, the first rund f the attack was reprted as a failure fr bth. The AID_INT wrkstatins fr all ther Blue Teams were nt cmprmised during phase I. It des nt necessarily mean that the ther teams did smething particularly clever. Often it was just nt pssible t access target systems. Main reasns fr this failure were: a. The wrkstatins were nt accessible t the blndes. b. The respective blnde was gne fr a lng time. c. After the first utbund request the target IP was blcked. d. Vulnerabilities were quickly patched r ther cuntermeasures applied s that the attempts failed. 18

19 e. Vulnerability was explitable but the Red Team was nt able t get t the shell. Fr instance, paylads were blcked by AV. The bjective t cmprmise a file server in AID_INT failed fr all the teams. The presumptin fr this attack was t have a fthld in the internal netwrk, but this was established in less than half the Blue Teams. In additin, infrmatin n the security issues f the file servers was shared between Blue Teams straight after the start f the game and all explitatin attempts failed. Gaining access using Pass-The-Hash wrked quite ften, but Red Team failed t explit it successfully as their Meterpreter paylads were detected and shell was nt btained Phase II Objectives During the secnd phase, the military netwrks als became targets. Red Team was als allwed t repeat the bjectives f the previus phase, but successful repetitin gave half the pints than it did the first time. New bjectives fr the CS were fllwing: O11: Gain fthld in MIL_INT segment, stay lw, and set up beacns (wrkstatins) O12: Cmprmise ne r mre wrkstatins in MIL_WEL Results When the secnd phase started, all Blue Teams had prtected their wrkstatins with security sftware. Sme teams had even tw different anti-virus prducts running. Mst f the Red Team members were nt prepared t use heavily custmised paylads in rder t evade IPS and AV. These security slutins d nt have any difficulties in detecting malicius executables generated by Metasplit Framewrk using the default templates. Therefre in mst cases explitatin f vulnerabilities in wrkstatins failed, dwnlads f executable files were blcked by firewalls r detected by AV/IPS, and a fthld was gained nly int the MIL_INT segments f BT1 and BT8. In the end f Day 1 members f the client-side team fund a way t kill MS Essentials under user privileges using a tl named Victr. This is ne f the reasns why BT1 and BT8 gt mre attentin and were cmprmised. In the case f ne McAfee installatin, RT claimed that a self-signed executable with a McAfee Inc string inside was sufficient t bypass it Phase III Objectives The aim f the third phase f the campaign was t achieve glbal reach targeting bth the Military s and the Aid rganisatins netwrks by repeating previusly defined bjectives and accmplishing the fllwing new nes: O15: Re-gain fthld in MIL_INT thrugh any hst (ws*.int.milx.ex). O16: Spread inside MIL_INT and set beacns (ws*.int.milx.ex, dc.int.milx.ex). O17: Cmprmise MIL_INT fileserver (files.int.milx.ex). 19

20 Results Frm the perspective f client-side attacks the situatin was similar t the previus day. Red Team members requested many new IPs fr all their attack servers and started t share links t the blndes. Typically, either the explits failed t run (vulnerabilities patched r detected by AV/IPS) r the IP addresses f the attackers were immediately blcked. Cmprmising the file server in MIL_INT failed fr all teams. In general, there were few exceptins: Windws 8 tablets in the MIL_WEL segment f BT1, BT2 and BT8 were hacked. Fthlds in MIL_INT were successfully regained fr BT1, BT4 and BT9 After lunch, nne f the Red Team members had a live Meterpreter sessin Phase IV Objectives In the final phase f the exercise, Red Team had t hack int the TV twer and replace the riginal vide feed with their wn. In reality tv.milx.ex was just a Linux system streaming a vide ver HTTP using VLC player. There were tw main attack vectrs: Backdred FTP server (vsfptd 2.3.4). Nte that Blue Teams were required t keep the FTP accessible nly frm MIL_WEL and MIL_INT althugh initially it was nt prperly firewalled. Vulnerable vide uplad service. The secnd gal f the CS team fr the final phase was t regain r maintain access t internal netwrks Results Red Team had under their cntrl ne VM inside each Blue Team's MIL_INT segment which was simulating a cntractr's laptp infected with malware. This was saved fr the last phase as the FTP service running n the TV twer cmputer was accessible nly frm internal segments. Unfrtunately fr the Red Team, the cntractr's laptp was cnfigured with similar static IP address (10.x.3.140) fr all Blue Teams. The rgue system was quickly discvered by BT8 and annunced t all the thers. Based n BT8 s bservatin it appears that instead f being quiet, Red Team started t prt scan internal netwrks, which naturally caused immediate detectin. Just befre the TV twer attack a grenade explded near the mbile cntainer where the hardware fr tv.milx.ex was lcated. This was an inject the purpse f which was t justify reverting the VMs. Blue Teams were tld that they had nly an ld backup s the machines were reverted t the initial vulnerable state and they lst all the changes. Red Team members upladed WSO Web Shell thrugh the vulnerable file uplad functinality and were able t change the streaming vide fr 6 teams. Typically, the cmprmise was quickly discvered (less than 5 minutes) and attackers kicked ff the server. The cmments fr the Blue Teams wh prevented this attack: BT2: tv.mil2.ex/uplads/ directry is nt writeable. BT3: tv.mil3.ex/uplads/ directry is nt writeable. 20

Helpdesk Support Tickets & Knowledgebase

Helpdesk Support Tickets & Knowledgebase Helpdesk Supprt Tickets & Knwledgebase User Guide Versin 1.0 Website: http://www.mag-extensin.cm Supprt: http://www.mag-extensin.cm/supprt Please read this user guide carefully, it will help yu eliminate

More information

Serv-U Distributed Architecture Guide

Serv-U Distributed Architecture Guide Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v14.0.1.0 Page 1 f 16 Intrductin Serv-U

More information

Deployment Overview (Installation):

Deployment Overview (Installation): Cntents Deplyment Overview (Installatin):... 2 Installing Minr Updates:... 2 Dwnlading the installatin and latest update files:... 2 Installing the sftware:... 3 Uninstalling the sftware:... 3 Lgging int

More information

Ten Steps for an Easy Install of the eg Enterprise Suite

Ten Steps for an Easy Install of the eg Enterprise Suite Ten Steps fr an Easy Install f the eg Enterprise Suite (Acquire, Evaluate, and be mre Efficient!) Step 1: Dwnlad the eg Sftware; verify hardware and perating system pre-requisites Step 2: Obtain a valid

More information

Information Services Hosting Arrangements

Information Services Hosting Arrangements Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based

More information

Exercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008

Exercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008 Exercise 5 Server Cnfiguratin, Web and FTP Instructins and preparatry questins Administratin f Cmputer Systems, Fall 2008 This dcument is available nline at: http://www.hh.se/te2003 Exercise 5 Server Cnfiguratin,

More information

SBClient and Microsoft Windows Terminal Server (Including Citrix Server)

SBClient and Microsoft Windows Terminal Server (Including Citrix Server) SBClient and Micrsft Windws Terminal Server (Including Citrix Server) Cntents 1. Intrductin 2. SBClient Cmpatibility Infrmatin 3. SBClient Terminal Server Installatin Instructins 4. Reslving Perfrmance

More information

A Beginner s Guide to Building Virtual Web Servers

A Beginner s Guide to Building Virtual Web Servers A Beginner s Guide t Building Virtual Web Servers Cntents Intrductin... 1 Why set up a web server?... 2 Installing Ubuntu 13.04... 2 Netwrk Set Up... 3 Installing Guest Additins... 4 Updating and Upgrading

More information

IT Help Desk Service Level Expectations Revised: 01/09/2012

IT Help Desk Service Level Expectations Revised: 01/09/2012 IT Help Desk Service Level Expectatins Revised: 01/09/2012 Overview The IT Help Desk team cnsists f six (6) full time emplyees and fifteen (15) part time student emplyees. This team prvides supprt fr 25,000+

More information

CallRex 4.2 Installation Guide

CallRex 4.2 Installation Guide CallRex 4.2 Installatin Guide This dcument describes hw t install CallRex 4.2. It cvers the fllwing: CallRex 4.2 Cmpnents. Server Prerequisites. Perfrming the Installatin. Changing the Accunt Used by CallRex

More information

ABELMed Platform Setup Conventions

ABELMed Platform Setup Conventions ABELMed Platfrm Setup Cnventins 1 Intrductin 1.1 Purpse f this dcument The purpse f this dcument is t prvide prspective ABELMed licensees and their hardware vendrs with the infrmatin that they will require

More information

Exercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008

Exercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008 Exercise 5 Server Cnfiguratin, Web and FTP Instructins and preparatry questins Administratin f Cmputer Systems, Fall 2008 This dcument is available nline at: http://www.hh.se/te2003 Exercise 5 Server Cnfiguratin,

More information

Organisational self-migration guide an overview V1-5 April 2014

Organisational self-migration guide an overview V1-5 April 2014 Organisatinal self-migratin guide an verview V1-5 April 2014 Cpyright 2013, Health and Scial Care Infrmatin Centre. 1 Self Migratin t NHSmail an verview fr rganisatins Cntents Intrductin 3 1. Initial preparatins

More information

Implementing ifolder Server in the DMZ with ifolder Data inside the Firewall

Implementing ifolder Server in the DMZ with ifolder Data inside the Firewall Implementing iflder Server in the DMZ with iflder Data inside the Firewall Nvell Cl Slutins AppNte www.nvell.cm/clslutins JULY 2004 OBJECTIVES The bjectives f this dcumentatin are as fllws: T cnfigure

More information

ViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation

ViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation ViPNet VPN in Cisc Envirnment Supplement t ViPNet Dcumentatin 1991 2015 Inftecs Americas. All rights reserved. Versin: 00121-04 90 02 ENU This dcument is included in the sftware distributin kit and is

More information

Data Protection Policy & Procedure

Data Protection Policy & Procedure Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015

More information

Serv-U Distributed Architecture Guide

Serv-U Distributed Architecture Guide Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v15.1.2.0 Page 1 f 20 Intrductin Serv-U

More information

FINRA Regulation Filing Application Batch Submissions

FINRA Regulation Filing Application Batch Submissions FINRA Regulatin Filing Applicatin Batch Submissins Cntents Descriptin... 2 Steps fr firms new t batch submissin... 2 Acquiring necessary FINRA accunts... 2 FTP Access t FINRA... 2 FTP Accunt n FINRA s

More information

Mobile Device Manager Admin Guide. Reports and Alerts

Mobile Device Manager Admin Guide. Reports and Alerts Mbile Device Manager Admin Guide Reprts and Alerts September, 2013 MDM Admin Guide Reprts and Alerts i Cntents Reprts and Alerts... 1 Reprts... 1 Alerts... 3 Viewing Alerts... 5 Keep in Mind...... 5 Overview

More information

Disk Redundancy (RAID)

Disk Redundancy (RAID) A Primer fr Business Dvana s Primers fr Business series are a set f shrt papers r guides intended fr business decisin makers, wh feel they are being bmbarded with terms and want t understand a cmplex tpic.

More information

MaaS360 Cloud Extender

MaaS360 Cloud Extender MaaS360 Clud Extender Installatin Guide Cpyright 2012 Fiberlink Cmmunicatins Crpratin. All rights reserved. Infrmatin in this dcument is subject t change withut ntice. The sftware described in this dcument

More information

Instructions for Configuring a SAFARI Montage Managed Home Access Expansion Server

Instructions for Configuring a SAFARI Montage Managed Home Access Expansion Server Instructins fr Cnfiguring a SAFARI Mntage Managed Hme Access Expansin Server ~ Please read these instructins in their entirety befre yu begin. ~ These instructins explain hw t add a SAFARI Mntage Managed

More information

BackupAssist SQL Add-on

BackupAssist SQL Add-on WHITEPAPER BackupAssist Versin 6 www.backupassist.cm 2 Cntents 1. Requirements... 3 1.1 Remte SQL backup requirements:... 3 2. Intrductin... 4 3. SQL backups within BackupAssist... 5 3.1 Backing up system

More information

SaaS Listing CA Cloud Service Management

SaaS Listing CA Cloud Service Management SaaS Listing CA Clud Service Management 1. Intrductin This dcument prvides standards and features that apply t the CA Clud Service Management (CSM) SaaS ffering prvided t the Custmer and defines the parameters

More information

STIOffice Integration Installation, FAQ and Troubleshooting

STIOffice Integration Installation, FAQ and Troubleshooting STIOffice Integratin Installatin, FAQ and Trubleshting Installatin Steps G t the wrkstatin/server n which yu have the STIDistrict Net applicatin installed. On the STI Supprt page at http://supprt.sti-k12.cm/,

More information

Integrating With incontact dbprovider & Screen Pops

Integrating With incontact dbprovider & Screen Pops Integrating With incntact dbprvider & Screen Pps incntact has tw primary pints f integratin. The first pint is between the incntact IVR (script) platfrm and the custmer s crprate database. The secnd pint

More information

How to put together a Workforce Development Fund (WDF) claim 2015/16

How to put together a Workforce Development Fund (WDF) claim 2015/16 Index Page 2 Hw t put tgether a Wrkfrce Develpment Fund (WDF) claim 2015/16 Intrductin What eligibility criteria d my establishment/s need t meet? Natinal Minimum Data Set fr Scial Care (NMDS-SC) and WDF

More information

The Relativity Appliance Installation Guide

The Relativity Appliance Installation Guide The Relativity Appliance Installatin Guide February 4, 2016 - Versin 9 & 9.1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information

GETTING STARTED With the Control Panel Table of Contents

GETTING STARTED With the Control Panel Table of Contents With the Cntrl Panel Table f Cntents Cntrl Panel Desktp... 2 Left Menu... 3 Infrmatin... 3 Plan Change... 3 Dmains... 3 Statistics... 4 Ttal Traffic... 4 Disk Quta... 4 Quick Access Desktp... 4 MAIN...

More information

HOWTO: How to configure SSL VPN tunnel gateway (office) to gateway

HOWTO: How to configure SSL VPN tunnel gateway (office) to gateway HOWTO: Hw t cnfigure SSL VPN tunnel gateway (ffice) t gateway Hw-t guides fr cnfiguring VPNs with GateDefender Integra Panda Security wants t ensure yu get the mst ut f GateDefender Integra. Fr this reasn,

More information

SolarWinds Technical Reference

SolarWinds Technical Reference SlarWinds Technical Reference Preparing an Orin Failver Engine Installatin Intrductin t the Orin Failver Engine... 1 General... 1 Netwrk Architecture Optins and... 3 Server Architecture Optins and... 4

More information

Installation Guide Marshal Reporting Console

Installation Guide Marshal Reporting Console Installatin Guide Installatin Guide Marshal Reprting Cnsle Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 2 Sftware Prerequisites 3 Installatin Prcedures 3 Appendix: Enabling

More information

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK

PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs

More information

Licensing Windows Server 2012 for use with virtualization technologies

Licensing Windows Server 2012 for use with virtualization technologies Vlume Licensing brief Licensing Windws Server 2012 fr use with virtualizatin technlgies (VMware ESX/ESXi, Micrsft System Center 2012 Virtual Machine Manager, and Parallels Virtuzz) Table f Cntents This

More information

Change Management Process

Change Management Process Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses

More information

Firewall/Proxy Server Settings to Access Hosted Environment. For Access Control Method (also known as access lists and usually used on routers)

Firewall/Proxy Server Settings to Access Hosted Environment. For Access Control Method (also known as access lists and usually used on routers) Firewall/Prxy Server Settings t Access Hsted Envirnment Client firewall settings in mst cases depend n whether the firewall slutin uses a Stateful Inspectin prcess r ne that is cmmnly referred t as an

More information

Archiving IVTVision Video (Linux)

Archiving IVTVision Video (Linux) Archiving IVTVisin Vide (Linux) 1 Intrductin Because IVTVisin Server recrds vide using a straightfrward perating system file structure, archiving vide shuld be simple fr any IT prfessinal. This dcument

More information

Readme File. Purpose. Introduction to Data Integration Management. Oracle s Hyperion Data Integration Management Release 9.2.

Readme File. Purpose. Introduction to Data Integration Management. Oracle s Hyperion Data Integration Management Release 9.2. Oracle s Hyperin Data Integratin Management Release 9.2.1 Readme Readme File This file cntains the fllwing sectins: Purpse... 1 Intrductin t Data Integratin Management... 1 Data Integratin Management Adapters...

More information

Systems Support - Extended

Systems Support - Extended 1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets

More information

TaskCentre v4.5 Send Message (SMTP) Tool White Paper

TaskCentre v4.5 Send Message (SMTP) Tool White Paper TaskCentre v4.5 Send Message (SMTP) Tl White Paper Dcument Number: PD500-03-17-1_0-WP Orbis Sftware Limited 2010 Table f Cntents COPYRIGHT 1 TRADEMARKS 1 INTRODUCTION 2 Overview 2 FEATURES 2 GLOBAL CONFIGURATION

More information

WEB APPLICATION SECURITY TESTING

WEB APPLICATION SECURITY TESTING WEB APPLICATION SECURITY TESTING Cpyright 2012 ps_testware 1/7 Intrductin Nwadays every rganizatin faces the threat f attacks n web applicatins. Research shws that mre than half f all data breaches are

More information

Online Network Administration Degree Programs

Online Network Administration Degree Programs Online Schls, Degrees & Prgrams Blg Abut Archives Cntact Online Netwrk Administratin Degree Prgrams A Netwrk Administratr is smene respnsible fr the maintenance and perfrmance f cmputer hardware and sftware

More information

The Ohio Board of Regents Credit When It s Due process identifies students who

The Ohio Board of Regents Credit When It s Due process identifies students who Credit When It s Due/ Reverse Transfer FAQ fr students Ohi is participating in a natinal grant initiative, Credit When It s Due, designed t implement reverse-transfer, which is a prcess t award assciate

More information

Welcome to Remote Access Services (RAS)

Welcome to Remote Access Services (RAS) Welcme t Remte Access Services (RAS) Our gal is t prvide yu with seamless access t the TD netwrk, including the TD intranet site, yur applicatins and files, and ther imprtant wrk resurces -- whether yu

More information

AVG AntiVirus Business Edition

AVG AntiVirus Business Edition AVG AntiVirus Business Editin User Manual Dcument revisin AVG.02 (30.9.2015) C pyright AVG Technlgies C Z, s.r.. All rights reserved. All ther trademarks are the prperty f their respective wners. Cntents

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

Aladdin HASP SRM Key Problem Resolution

Aladdin HASP SRM Key Problem Resolution Aladdin HASP SRM Key Prblem Reslutin Installatin flwchart fr EmbrideryStudi and DecStudi e1.5 Discnnect frm the Internet and disable all anti-virus and firewall applicatins. Unplug all dngles. Insert nly

More information

NASDAQ BookViewer 2.0 User Guide

NASDAQ BookViewer 2.0 User Guide NASDAQ BkViewer 2.0 User Guide NASDAQ BkViewer 2.0 ffers a real-time view f the rder depth using the NASDAQ Ttalview prduct fr NASDAQ and ther exchange-listed securities including: The tp buy and sell

More information

MANAGED VULNERABILITY SCANNING

MANAGED VULNERABILITY SCANNING Abut SensePst SensePst is an independent and bjective rganisatin specialising in infrmatin security cnsulting, training, security assessment services and IT Vulnerability Management. SensePst is abut security.

More information

Getting Started Guide

Getting Started Guide AnswerDash Resurces http://answerdash.cm Cntextual help fr sales and supprt Getting Started Guide AnswerDash is cmmitted t helping yu achieve yur larger business gals. The utlined pre-launch cnsideratins

More information

ATL: Atlas Transformation Language. ATL Installation Guide

ATL: Atlas Transformation Language. ATL Installation Guide ATL: Atlas Transfrmatin Language ATL Installatin Guide - versin 0.1 - Nvember 2005 by ATLAS grup LINA & INRIA Nantes Cntent 1 Intrductin... 3 2 Installing ADT frm binaries... 3 2.1 Installing Eclipse and

More information

Installation Guide Marshal Reporting Console

Installation Guide Marshal Reporting Console INSTALLATION GUIDE Marshal Reprting Cnsle Installatin Guide Marshal Reprting Cnsle March, 2009 Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 3 Sftware Prerequisites 3 Installatin

More information

Internet Service Definition. SD012v1.1

Internet Service Definition. SD012v1.1 Internet Service Definitin SD012v1.1 Internet Service Definitin Service Overview InTechnlgy Internet Service is a permanent Internet cnnectivity slutin. The service cnnects custmers t the InTechnlgy natinal

More information

Often people have questions about new or enhanced services. This is a list of commonly asked questions and answers regarding our new WebMail format.

Often people have questions about new or enhanced services. This is a list of commonly asked questions and answers regarding our new WebMail format. Municipal Service Cmmissin Gerald P. Cle Frederick C. DeLisle Thmas M. Kaul Gregry L. Riggle Stanley A. Rutkwski Electric, Steam, Water Cable Televisin and High Speed Internet Service since 1889 Melanie

More information

Service Desk Self Service Overview

Service Desk Self Service Overview Tday s Date: 08/28/2008 Effective Date: 09/01/2008 Systems Invlved: Audience: Tpics in this Jb Aid: Backgrund: Service Desk Service Desk Self Service Overview All Service Desk Self Service Overview Service

More information

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1 Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues

More information

Networking Best Practices

Networking Best Practices Netwrking Best Practices Use f a Lad Balancer With Hitachi Cntent Platfrm and Hitachi Cntent Platfrm Anywhere By Hitachi Data Systems August 2015 Cntents Executive Summary... 3 Intrductin... 4 Lad Balancer

More information

HIPAA HITECH ACT Compliance, Review and Training Services

HIPAA HITECH ACT Compliance, Review and Training Services Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical

More information

990 e-postcard FAQ. Is there a charge to file form 990-N (e-postcard)? No, the e-postcard system is completely free.

990 e-postcard FAQ. Is there a charge to file form 990-N (e-postcard)? No, the e-postcard system is completely free. 990 e-pstcard FAQ Fr frequently asked questins abut filing the e-pstcard that are nt listed belw, brwse the FAQ at http://epstcard.frm990.rg/frmtsfaq.asp# (cpy and paste this link t yur brwser). General

More information

Blue Link Solutions Terminal Server Configuration How to Install Blue Link Solutions in a Terminal Server Environment

Blue Link Solutions Terminal Server Configuration How to Install Blue Link Solutions in a Terminal Server Environment Blue Link Slutins Terminal Server Cnfiguratin Hw t Install Blue Link Slutins in a Terminal Server Envirnment Prepared by: Darren Myher April 9, 2002 Table f Cntents Backgrund... 2 Applicatin Server mde

More information

Virtual Meetings and Virtual Teams Using Technology to Work Smarter

Virtual Meetings and Virtual Teams Using Technology to Work Smarter http://www.psu.edu/president/pia/innvatin/ INNOVATION INSIGHT SERIES NUMBER 9 Virtual Meetings and Virtual Teams Using Technlgy t Wrk Smarter Yu need t have a meeting. Sme f the peple yu d like t include

More information

Software Update Notification

Software Update Notification Sftware Update Ntificatin PSS0223-02 Mastersizer 3000 v1.01 sftware Abstract This dcument details the release f sftware PSS0223-02 v1.01 f the sftware fr the Mastersizer 3000 laser diffractin system. It

More information

Request for Proposal Technology Services

Request for Proposal Technology Services Avca Schl District 37 Wilmette, IL Request fr Prpsal Technlgy Services Netwrk and Systems Infrastructure Management Services December 5, 2013 Avca Schl District 37 is seeking an IT cnsulting firm t manage

More information

FAQs for Webroot SecureAnywhere Identity Shield

FAQs for Webroot SecureAnywhere Identity Shield FAQs fr Webrt SecureAnywhere Identity Shield Table f Cntents General Questins...2 Why is the bank ffering Webrt SecureAnywhere Identity Shield?... 2 What des it prtect?... 2 Wh is Webrt?... 2 Is the Webrt

More information

X7500 Series, X4500 Scanner Series MFPs: LDAP Address Book and Authentication Configuration and Basic Troubleshooting Tips

X7500 Series, X4500 Scanner Series MFPs: LDAP Address Book and Authentication Configuration and Basic Troubleshooting Tips X7500 Series, X4500 Scanner Series MFPs: LDAP Address Bk and Authenticatin Cnfiguratin and Basic Trubleshting Tips Lexmark Internatinal 1 Prerequisite Infrm atin In rder t cnfigure a Lexmark MFP fr LDAP

More information

Software and Hardware Change Management Policy for CDes Computer Labs

Software and Hardware Change Management Policy for CDes Computer Labs Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces

More information

Wireless Light-Level Monitoring

Wireless Light-Level Monitoring Wireless Light-Level Mnitring ILT1000 ILT1000 Applicatin Nte Wireless Light-Level Mnitring 1 Wireless Light-Level Mnitring ILT1000 The affrdability, accessibility, and ease f use f wireless technlgy cmbined

More information

Customers FAQs for Webroot SecureAnywhere Identity Shield

Customers FAQs for Webroot SecureAnywhere Identity Shield Custmers FAQs fr Webrt SecureAnywhere Identity Shield Table f Cntents General Questins...2 Why is the bank ffering Webrt SecureAnywhere sftware?... 2 What des it prtect?... 2 Wh is Webrt?... 2 Is Webrt

More information

2008 BA Insurance Systems Pty Ltd

2008 BA Insurance Systems Pty Ltd 2008 BA Insurance Systems Pty Ltd BAIS have been delivering insurance systems since 1993. Over the last 15 years, technlgy has mved at breakneck speed. BAIS has flurished in this here tday, gne tmrrw sftware

More information

Diagnosis and Troubleshooting

Diagnosis and Troubleshooting Diagnsis and Trubleshting DataDirect Cnnect Series ODBC Drivers Intrductin This paper discusses the diagnstic tls that are available t cnfigure and trublesht yur ODBC envirnment and prvides a trubleshting

More information

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES REFERENCES AND RELATED POLICIES A. UC PPSM 2 -Definitin f Terms B. UC PPSM 12 -Nndiscriminatin in Emplyment C. UC PPSM 14 -Affirmative

More information

Grant Application Writing Tips and Tricks

Grant Application Writing Tips and Tricks Grant Applicatin Writing Tips and Tricks Grants are prvided by gvernment (lcal, state and natinal), charitable trusts, and by cmmunity rganisatins (eg Ltteries, Rtary, etc). Each grant has a specific purpse,

More information

ACTIVITY MONITOR Real Time Monitor Employee Activity Monitor

ACTIVITY MONITOR Real Time Monitor Employee Activity Monitor ACTIVITY MONITOR Real Time Mnitr Emplyee Activity Mnitr This pwerful tl allws yu t track any LAN, giving yu the mst detailed infrmatin n what, hw and when yur netwrk users perfrmed. Whether it is a library

More information

In addition to assisting with the disaster planning process, it is hoped this document will also::

In addition to assisting with the disaster planning process, it is hoped this document will also:: First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business

More information

Avatier Identity Management Suite

Avatier Identity Management Suite Avatier Identity Management Suite AIMS Versin 9 System Requirements Versin 9 2603 Camin Ramn Suite 110 San Ramn, CA 94583 Phne: 800-609-8610 925-217-5170 FAX: 925-217-0853 Email: supprt@avatier.cm Page

More information

Telelink 6. Installation Manual

Telelink 6. Installation Manual Telelink 6 Installatin Manual Table f cntents 1. SYSTEM REQUIREMENTS... 3 1.1. Hardware Requirements... 3 1.2. Sftware Requirements... 3 1.2.1. Platfrm... 3 1.2.1.1. Supprted Operating Systems... 3 1.2.1.2.

More information

Webalo Pro Appliance Setup

Webalo Pro Appliance Setup Webal Pr Appliance Setup 1. Dwnlad the Webal virtual appliance apprpriate fr yur virtualizatin infrastructure, using the link yu were emailed. The virtual appliance is delivered as a.zip file that is n

More information

Junos Pulse Instructions for Windows and Mac OS X

Junos Pulse Instructions for Windows and Mac OS X Juns Pulse Instructins fr Windws and Mac OS X When yu pen the Juns client fr the first time yu get the fllwing screen. This screen shws yu have n cnnectins. Create a new cnnectin by clicking n the + icn.

More information

Introduction LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE. 2015 Savision B.V. savision.com All rights reserved.

Introduction LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE. 2015 Savision B.V. savision.com All rights reserved. Rev 7.5.0 Intrductin 2 LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE 2015 Savisin B.V. savisin.cm All rights reserved. This manual, as well as the sftware described in it, is furnished under license and

More information

Getting started with Android

Getting started with Android Getting started with Andrid Befre we begin, there is a prerequisite, which is t plug the Andrid device int yur cmputer, and lad the drivers fr the OS. In writing this article, I was using Windws XP, 7

More information

Licensing Windows Server 2012 R2 for use with virtualization technologies

Licensing Windows Server 2012 R2 for use with virtualization technologies Vlume Licensing brief Licensing Windws Server 2012 R2 fr use with virtualizatin technlgies (VMware ESX/ESXi, Micrsft System Center 2012 R2 Virtual Machine Manager, and Parallels Virtuzz) Table f Cntents

More information

Ensuring end-to-end protection of video integrity

Ensuring end-to-end protection of video integrity White paper Ensuring end-t-end prtectin f vide integrity Prepared by: Jhn Rasmussen, Senir Technical Prduct Manager, Crprate Business Unit, Milestne Systems Date: May 22, 2015 Milestne Systems Ensuring

More information

esupport Quick Start Guide

esupport Quick Start Guide esupprt Quick Start Guide Last Updated: 5/11/10 Adirndack Slutins, Inc. Helping Yu Reach Yur Peak 908.725.8869 www.adirndackslutins.cm 1 Table f Cntents PURPOSE & INTRODUCTION... 3 HOW TO LOGIN... 3 SUBMITTING

More information

Network Intrusion Detection

Network Intrusion Detection Netwrk Intrusin Detectin Best f Breed Prtectin with SNORT Implementing Snrt Snrt can be readily implemented with the help f a special Linux distributin named Sentinix (http://www.sentinix.rg). Wait a minute,

More information

Troubleshooting and Supporting Windows 7 in the Enterprise

Troubleshooting and Supporting Windows 7 in the Enterprise Lincln Land Cmmunity Cllege Capital City Training Center 130 West Masn Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Trubleshting and Supprting Windws 7 in the Enterprise Curse 6293; 3 Days, Instructr-led

More information

User Guide Version 3.9

User Guide Version 3.9 User Guide Versin 3.9 Page 2 f 22 Summary Cntents 1 INTRODUCTION... 3 1.1 2 CREATE A NEW ACCOUNT... 4 2.1 2.2 3 NAVIGATION... 3 CREATE AN EMAIL ACCOUNT... 4 CREATE AN ALIAS ACCOUNT... 6 MODIFYING AN EXISTING

More information

PBX Remote Line Extension using Mediatrix 4104 and 1204 June 22, 2011

PBX Remote Line Extension using Mediatrix 4104 and 1204 June 22, 2011 PBX Remte Line Extensin using Mediatrix 4104 and 1204 June 22, 2011 Prprietary 2011 Media5 Crpratin Table f Cntents Intrductin... 3 Applicatin Scenari... 3 Running the Unit Manager Netwrk Sftware... 4

More information

Implementing SQL Manage Quick Guide

Implementing SQL Manage Quick Guide Implementing SQL Manage Quick Guide The purpse f this dcument is t guide yu thrugh the quick prcess f implementing SQL Manage n SQL Server databases. SQL Manage is a ttal management slutin fr Micrsft SQL

More information

Email Setup PPD IT How-to Guides June 2010

Email Setup PPD IT How-to Guides June 2010 Email Setup Cntents Email Infrmatin... 2 IMAP and POP3 settings... 2 Cnfiguring Micrsft Outlk 2007... 2 Archiving mail... 3 Cnfiguring AutArchive in Micrsft Outlk 2007... 3 Access frm ff site... 4 Cnfiguring

More information

HP ExpertOne. HP2-T21: Administering HP Server Solutions. Table of Contents

HP ExpertOne. HP2-T21: Administering HP Server Solutions. Table of Contents HP ExpertOne HP2-T21: Administering HP Server Slutins Industry Standard Servers Exam preparatin guide Table f Cntents Overview 2 Why take the exam? 2 HP ATP Server Administratr V8 certificatin 2 Wh shuld

More information

GUIDANCE FOR BUSINESS ASSOCIATES

GUIDANCE FOR BUSINESS ASSOCIATES GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.

More information

The Allstate Foundation Domestic Violence Program 2015 Moving Ahead Financial Empowerment Grant

The Allstate Foundation Domestic Violence Program 2015 Moving Ahead Financial Empowerment Grant The Allstate Fundatin Dmestic Vilence Prgram 2015 Mving Ahead Financial Empwerment Grant Due Date: September 1, 2015 Online applicatin: https://www.grantrequest.cm/sid_1010?sa=sna&fid=35296 The Allstate

More information

Copyright 2013, SafeNet, Inc. All rights reserved. http://www.safenet-inc.com/ We have attempted to make these documents complete, accurate, and

Copyright 2013, SafeNet, Inc. All rights reserved. http://www.safenet-inc.com/ We have attempted to make these documents complete, accurate, and ii Cpyright 2013, SafeNet, Inc. All rights reserved. http://www.safenet-inc.cm/ We have attempted t make these dcuments cmplete, accurate, and useful, but we cannt guarantee them t be perfect. When we

More information

Software Distribution

Software Distribution Sftware Distributin Quantrax has autmated many f the prcesses invlved in distributing new cde t clients. This will greatly reduce the time taken t get fixes laded nt clients systems. The new prcedures

More information

AMWA Chapter Subgroups on LinkedIn Guidance for Subgroup Managers and Chapter Leaders, updated 2-12-15

AMWA Chapter Subgroups on LinkedIn Guidance for Subgroup Managers and Chapter Leaders, updated 2-12-15 AMWA Chapter Subgrups n LinkedIn Guidance fr Subgrup Managers and Chapter Leaders, updated 2-12-15 1. Chapters may nt have an independent grup n LinkedIn, Facebk, r ther scial netwrking site. AMWA prvides

More information

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents

More information

Security in Business and Applications. Madison Hajeb Stefan Hurst Benjamin Von Slade

Security in Business and Applications. Madison Hajeb Stefan Hurst Benjamin Von Slade Security in Business and Applicatins Madisn Hajeb Stefan Hurst Benjamin Vn Slade Intrductin Prject Cncept - Implement security in a small business setting Original Plan - D sme security audits fr small

More information

1)What hardware is available for installing/configuring MOSS 2010?

1)What hardware is available for installing/configuring MOSS 2010? 1)What hardware is available fr installing/cnfiguring MOSS 2010? 2 Web Frnt End Servers HP Prliant DL 380 G7 2 quad cre Intel Xen Prcessr E5620, 2.4 Ghz, Memry 12 GB, 2 HP 146 GB drives RAID 5 2 Applicatin

More information

CSC IT practix Recommendations

CSC IT practix Recommendations CSC IT practix Recmmendatins CSC Healthcare 28th January 2014 Versin 3 www.csc.cm/glbalhealthcare Cntents 1 Imprtant infrmatin 3 2 IT Specificatins 4 2.1 Wrkstatins... 4 2.2 Minimum Server with 1-5 wrkstatins

More information