Whitehats, Red Team-Blue Team, Capture the Flag…

Recently Allan Stojanovic, one of the key members of the network visibility and InfoSec incident response team, organized and participated in a ‘Whitehat Challenge’ with CERN. Their goal was to hack at CERN’s infrastructure in a controlled way in order to discover vulnerabilities and, in turn, improve the security design of services.

CERN acknowledgement:

https://security.web.cern.ch/security/home/en/kudos.shtml

And the CERN info on ‘Whitehat Challenge’:

https://security.web.cern.ch/security/services/en/whitehats.shtml

The toolbox of information security is full of vendor products for detecting and blocking attacks, prevention, and finding vulnerabilities. The ‘whitehat’ challenge is different. Akin to penetration testing, this is primarily a skill that people bring. The skill includes the abilities to:

  • discover what’s connected on the network, and use that to:
  • gather information about one particular device, and use that to:
  • find a single vulnerability on that device, and use that to…

You get the idea. This type of work usually requires expert-level knowledge, and it explains in part why information security staffing is a challenge in today’s world. How can this be remedied? Part of the answer lies in infosec community events such as the whitehat challenge that CERN ran. This was a grassroots effort to bring experts together to exercise their skill as well as give CERN a valuable test of their infrastructure. Another example of this kind of event is the ‘Capture-the-Flag’ competition, where teams try to find the ‘flag’ by using their infosec penetration skills. Finally, we have Red Team-Blue Team competitions, where the Red Team are the infosec attackers and the Blue Team are the defenders.

These kinds of events are important to strengthen infosec expertise, thus contributing to the ability of our institution, the University of Toronto, to protect itself in the infosec environment in which we find ourselves. I look forward to working with other community members to organize an event or two here!

 

Improved Information Security and Enterprise Architecture Website

Welcome to the revamped Information Security and Enterprise Architecture (ISEA) website. The objective for the new site is to improve the presentation and usability of ISEA’s services and information. In conjunction with the Information Security Awareness and Education site (https://securitymatters.utoronto.ca), you can easily find information and see it presented in a format that fits your needs.

New features:

  • updated information security incident response procedure and reporting information.
  • improved view of the information security risk assessment service.
  • a view of work on ISEA and ITS compliance practices for data retention.
  • a view of ITS work on information security standards, guidelines and procedures.

Check the ‘Services’ section that includes help and documentation for:

  • Identity and Access Management (UTORid account information, UTORid and eToken authentication, UTORGrouper and UTORauth authorization services).
  • Enterprise Architecture principles and artifacts.
  • Enterprise Active Directory.
  • Antivirus advice, network vulnerability scanning service.

Our goal is to provide the University community with services and information that can be used to reduce risks associated with information security. I welcome your comments and suggestions.

Mike