Nessus Compliance Generator

Today we’re releasing a tool called Nessus Compliance Generator as open source under the BSD License.  The full code can be found on the Argonne National Laboratory github.

Nessus has many options to check for audit and compliance issues on databases and systems. However, building the config files to do these types of checks can be tedious and time consuming. To bridge this gap, we’ve built a GUI tool to help you stitch the different pieces together and make building compliance tasks more a data entry task than a task for a sysadmin or a programmer.
Read more

Reflecting on Our Second Annual Cyber Defense Competition

On April 1st 2017, fifteen collegiate teams from across the country participated in Argonne National Laboratory’s Second Annual Cyber Defense Competition. Blue Teams defended their networking infrastructure and utilities against attacks from the Red Team. This post will detail the highlights of the competition, including how teams were breached, what went into scoring, and how our team built the Industrial Control Systems for the competition.

Read more

Amazon S3 Outage Highlights Resilience Issues with Cloud Infrastructure

Amazon S3 suffered a significant outage on Wednesday in its US-East-1 region. This outage affected a number of companies in what seemed to be unpredictable ways.  Yesterday a DNS outage at GoDaddy caused similar effects on availability of what otherwise seems like an unrelated set of Internet sites.  We saw similar outages last year as a result of configuration problems at Level 3 and DDoS attacks from the Mirai botnet.  All of these outages point to significant resilience issues incurred with cloud and managed hosting services.  These resilience issues should be approached as part of risk management planning, but as our recent study in Ashburn VA highlighted, shared vocabulary for these types of informed risk decisions between customers and data center and network providers is often not adequate.

Read more

Improving Resilience When We Don’t Have Steady State

Nate Evans and Mike Thompson from the COAR team recently spent some time at the African Institute for Mathematics and Science (AIMS) teaching computer networking and cyber security to a cohort of 40 students.  During our time at AIMS, we encountered many situations that made us think about how our research in resilience applies in a place like Senegal where we can’t make any assumptions about steady state.

Read more

Argonne’s Cyber Defense Competition Provides a Unique Spin on the Traditional Competition Space

Argonne National Laboratory’s Cyber Defense Competition

Argonne National Laboratory’s Cyber Operations, Analysis and Research (COAR) team partnered with Education is hosting their second Annual Cyber Defense Competition on Saturday, April 1, 2017 at Argonne National Laboratory. This competition seeks college students from varying levels of higher education and regions within the United States to defend a real-world simulation of an energy and water distribution system. Read more

Cyber Defense Competition – Puzzle #3

Meditullium.

We’re now sufficiently down the rabbit hole – are you up for a stroll in wonderland?

If so, test your crypto skills by cracking puzzle #3, Meditullium.

This is the third of four puzzles, each of which increases in complexity.

May the odds be in your favor.

If you think you have the correct solution, email CyberDefense-Competition@anl.gov, and the Puzzlemaster will let you know if you have successfully solved the puzzle.

47 6f 6f 64 20 4c 75 63 6b 0d 0


This post was written for the 2017 Cyber Defense Competition.

Cyber Defense Competition – Puzzle #2

Patronizare.

Test your crypto skills by cracking puzzle #2 in this cyber security simulation.

This is the second of four puzzles, each of which increases in complexity.

May the odds be in your favor.

If you think you have the correct solution, email CyberDefense-Competition@anl.gov, and the Puzzlemaster will let you know if you have successfully solved the puzzle.

47 6f 6f 64 20 4c 75 63 6b 0d 0


This post was written for the 2017 Cyber Defense Competition.

Reddit AMA: The ins and outs of working in cybersecurity

UPDATE: Reddit AMA is here: https://redd.it/5gujag

coffee-and-tea-1359055910Join the live Reddit Ask Me Anything (AMA) online event TODAY at 1 p.m. to learn about available cyber security jobs in Argonne’s  Cyber Operations, Analysis and Research (COAR) team, part of the Risk and Infrastructure Science Center (RISC). Current team members stand ready to answer your questions about what it’s like to work in cyber security at a national laboratory.

Read more