To be reviewed by all participants prior to each exercise.
Operations Security:
This red teaming exercise is a contest between teams and part of a study being done on red teaming and defenses. As such, the requirements for operations security are as follows:
Threats:
- Short term threats include the other red teams (your competitors)
until all of the red team exercises are completed and the rest of the
world until the results of this research are published (in 6 months to a
year typically).
- Long term threats include those who might exploit what we learn
about the defenses we test in order to attack them.
Vulnerabilities:
- You might tell other people or teams what you or your group are
doing and inadvertently:
(1) The red teaming exercises are being done in a reasonably secure facility from a standpoint of the issues at hand. In addition to physical security, digital diodes are being used between networks to prevent spillage, and physical security of systems in the exercise is being increased to prevent accidental cross connects and lightly malicious (a.k.a. overly competitive) behavior.
(2) Don't tell anyone else what your team did or found out until the end of the whole sequence of exercises. Don't tell anyone outside of the CCDs that you are doing this until results are published. Don't tell anyone about any defenses you defeat.
(3) Follow the rules of engagement strictly and do only those things you are permitted to do via these rules, but within the rules, do your best.
(4) DO NOT attempt to defeat any technical protections and do not attack the infrastructure that supports the exercise. Specifically, do not attack the diode or cross connect networks. The former will cause you to be unable to get supporting tools for your efforts, while the latter may be hazardous to your career.
(5) DO NOT use any of the green net systems EXCEPT during these exercises. They get cross connected to other networks during off hours so they can be reloaded for the next run.
(6) All reasonable efforts will be made to avoid pornographic sites. If encountered they will be immediately reported to the observer and at the end of the exercise to Fred Cohen, Barry Hess, Corbin Stewart, and Computer Security.
(7) Per standard CCD procedure, use an anonymizer service when accessing the general Internet.
Eric Thomas and some outside assistants will be doing a set of observations and surveys of the exercises with the goal of understanding how red teams work and develop over time.
- At the end of each exercise fill out the computerized questionnaire at http://10.0.5.53/ (from the gray network). Individual results will only be available to the researchers doing the study and only summary statistics will be published.
- After filling out the form, you will be asked the same questions as a team and will discuss the results as a team to generate additional data.
- We will be recording keystrokes and possibly other information during the study. Please do not subvert or pander to this. This allows us to study technical aspects of the process in detail later.
This experimental design is set up to allow repeatable experiments and to allow teams to make staggered starts and stops if necessary. It will also allow us to run the same exercises on other groups. If you reveal specifics of these exercises, it may invalidate future experiments.
In each exercise, there will be access to three networks:
Initially, a standard CCD distribution will be provided for the green net computers and those computers will be attached to a hub that is not yet connected to the green net. At the start of the exercise, it is the job of the team to proceed as they see fit.
Transfer of information from the Internet to the CCD net will function through the Red to Gray Diode (place the files in //graynet/diode on the red net and they will appear in //rednet/diode on the gray net) and transfer from the CCD net to the green net will go through the Gray to Green diode (place the files in //greennet/diode on the gray net and they will appear in //graynet/diode on the green net). No reverse transfers will be allowed. A printer will be available on the green net as well.