In the third Symantec Cyber Security Challenges, more than a hundred seasoned hackers and security professionals came out to Washington University in St. Louis on 9.12.2012. The “challenge” included an exciting cyber “Capture the Flag” simulation and the chance to win $20,000. The hackers were challenged to gain access to key data on two systems (Linux and Windows) holding confidential information. The Linux system simulated a nuclear power plant portal and the Windows system simulated a portal for the missile defense system. The objective was to get past the security of the two systems, obtain login passwords, and gain access to confidential information. The confidential data was protected with varying degrees of security.
After 5 hours, 10 out of 16 flags had been captured, but no one succeeded in capturing the main flag. The main flag, on an unpatched Windows 2003 Server, was protected by Symantec Critical System Protection (CSP). Critical System Protection’s prevention capabilities kept any of the vulnerabilities on the unpatched system from being exploited. The main flag was an Excel file, and Critical System Protection successfully prevented access to it. While CSP’s Exploit Prevention was used to protect the flag, we also used CSP’s File Integrity Monitoring capabilities to monitor any access to the flag. Through CSP’s Least Privileged Access Control, even if the testers found a way onto the system, they couldn’t get access to the file.
To find out more about Critical System Protection, the proven and comprehensive choice for server security, go to https://www.symantec.com/critical-system-protection.