Honeypots mailing list archives

Spanish Forensic Challenge


From: David Barroso <tomac () somoslopeor com>
Date: Mon, 17 Nov 2003 23:03:58 +0100

RedIRIS, the Spanish academic R&D network, together with Spanish-speaking 
companies and security experts, proposes to security managers in Spanish 
universities, centers affiliated to RedIRIS and to Internet users worldwide 
a challenge consisting of the forensic analysis of a compromised Linux system.

Forensics is one of the information security fields that has
evolved most in recent years. Its primary goal is to provide answers to questions 
that arise when an intrusion attempt is discovered. That is,
when an attacker has succeeded in accessing one or more information
technology components of an organization:

    -   Who launched the attack? That is, what IP addresses are related
        to it? What was each attacking system used for?
    -   How was the attack successful? What vulnerability or
        configuration failure was used by the
        attacker in order to get access into the system?
    -   What did the attacker do once he got access? What tools did he
        use? What were his goals?

Even if it is best to keep a system up-to-date and well protected
against attacks, intrusions are frequent in open environments like 
universities and R&D centers. Experts formed in procedures to
analyze and comprehend an intrusion are needed. These must be trained in
using the techniques and tools that are related to this new field 
called "Computer forensics".

One of the problems in teaching the basics to future experts in Computer
Forensics in the computer areas is the availability of 
testing systems (systems which have been previously attacked) that
they can use to test and get a hold of current tools for analysis.
This challenge tries to help bypass this problem by providing a sample
attacked system with a configuration very similar to the one used in a 
university environment.

Thus, it can be used as a "testing lab". However, the challenge still asks 
for a detailed written report summarizing the analysis
results, just like it would be requested for a real attack.

Different experts in the security field will review these reports. Based
on the information presented and its evaluation a "winner" of the challenge 
will be selected.

More information is available at the following address:
http://www.rediris.es/cert/ped/reto

List of organizations and companies that help and sponsor this
challenge:

    * Cybex, http://www.cybex.es
    * Germinus, http://www.germinus.com
    * Guidance Software, http://www.guidancesoftware.com
    * LogiCube, http://www.logicube.com
    * RedIRIS, http://www.rediris.es
    * Revista Red Seguridad, http://www.borrmart.es
    * RNP-CAIS, http://www.rnp.br/cais
    * S21Sec, http://www.s21sec.com
    * Sarenet, http://www.sarenet.es
    * SANS, http://www.sans.org
    * UNAM-CERT, http://www.seguridad.unam.mx

