Lessons learned from the WRCCDC Invitational 12-3-16

The boxes you are given are not only insecure, they are misconfigured and broken. So the first step is to fix them so the required services are up, and to figure out how they interoperate. This must happen before you begin to secure them in any other way.

In our case, the students rushed to secure the boxes by adding firewalls, terminating unused services, and changing passwords, only to end up with apps that didn't work. We then spent most of the time trying to figure out what was wrong.

We did not properly use the week of preparation access to the machines to map out all the required services, and how they depended on one another. We should have gone into the event with these items already printed out:

Before the event started, we should have rehearsed this process:
  1. TEST all systems
  2. SECURE all systems
  3. TEST them again
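
The test, secure, test-again loop above can be scripted. The following is an added example, not code from the original post: it records which services answer before hardening and reports which ones stopped answering afterwards. The service names, loopback listeners and helper names are constructed for illustration, and a TCP connect only shows that a port accepts connections, not that the application behind it works.

```python
import socket

def check_services(services, timeout=1.0):
    """Return {name: reachable} for each (host, port) in the inventory."""
    results = {}
    for name, (host, port) in services.items():
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[name] = True
        except OSError:  # refused, timed out, unreachable
            results[name] = False
    return results

def already_broken(before):
    """Services that were down before any hardening: fix these first."""
    return sorted(name for name, ok in before.items() if not ok)

def regressions(before, after):
    """Services that answered before hardening and do not answer after it."""
    return sorted(n for n, ok in before.items() if ok and not after.get(n, False))

def _listener():
    """Open a loopback listener on an ephemeral port (stand-in for a service)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(5)
    return s

def demo():
    web, db, mail = _listener(), _listener(), _listener()
    # Constructed inventory; in practice this is the printed service map.
    inventory = {"web": web.getsockname(), "db": db.getsockname(),
                 "mail": mail.getsockname()}
    mail.close()                         # "mail" arrives broken
    before = check_services(inventory)   # 1. TEST all systems
    db.close()                           # 2. SECURE: stand-in for a rule that cuts off "db"
    after = check_services(inventory)    # 3. TEST them again
    web.close()
    return already_broken(before), regressions(before, after)

if __name__ == "__main__":
    broken, regressed = demo()
    print("fix before securing:", broken)
    print("broken by hardening:", regressed)
```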

Posted 12-4-16 by Sam Bowne