2 research outputs found

    The Assembly and provisioning of a red team

    As the value and merit of red team exercises in both academic and corporate settings continue to grow, the need to share experiences with staffing, organizing and supporting the red team becomes increasingly important. This paper documents the Northeast Collegiate Cyber Defense Competition’s (NECCDC) Red Team captain’s experiences and lessons learned over the past four years. The paper will begin by identifying the skills and attributes needed for a Red Team and a process for selecting and recruiting members. The methods employed to form a cohesive working group from the members in the time available prior to the event will be discussed. The resources necessary for the Red Team to be effective and how they were provided are examined. We will look at how to promote planning and organization within the team focused on specific strategic goals and objectives of the Red Team. There are several duties during the event for a Red Team captain that will be examined and cautions that will be explained. At the end of the competition, the style and delivery of the after-action report can have a profound effect on the Blue Teams. Experience with different approaches over the years will be examined. Recommendations for Red Team/Blue Team exchanges that can maximize the learning outcome for the students will be provided. Finally, this paper will provide a summary of the experiences for others seeking to form and organize a Red Team either for a competition or an internal educational event.

    Abstracting network policies

    Almost every human activity in recent years relies either directly or indirectly on the smooth and efficient operation of the Internet. The Internet is an interconnection of multiple autonomous networks that work based on agreed-upon policies between various institutions across the world. The network policies guiding an institution’s computer infrastructure both internally (such as firewall relationships) and externally (such as routing relationships) are developed by a diverse group of lawyers, accountants, network administrators and managers, amongst others. Network policies developed by this group of individuals are usually done on a white-board in a graph-like format. It is however the responsibility of network administrators to translate and configure the various network policies that have been agreed upon. The configuration of these network policies is generally done on physical devices such as routers, domain name servers, firewalls and other middle boxes. The manual configuration process of such network policies is known to be tedious, time consuming and prone to human error, which can lead to various network anomalies in the configuration commands. In recent years, many research projects and corporate organisations have to some level abstracted the network management process with emphasis on network devices (such as Cisco VIRL) or individual network policies (such as Propane). [Continues.]